October/November 2004 
WWww.acs.org.au/infoage.html 


Customs’ Major Makeover 
VoIP: The Pain and the Promise 


AUSTRALIAN | = e- —— = Solaward Accredited 
COMPUTER gam mee: : — Winner 2003. Journal 2004 


SOCIETY 


ROHAN HAS 


THE EDGE 


An ACS Member for over 14 years, Rohan David has been working 
with global multinational organizations comprising broad product 
portfolios including responsibility for the Due Diligence/IT 
integration of a newly acquired company for a leading food group. 
His initiatives have involved large cross disciplined teams where 
he has played many roles from Business Consulting to Project 
Management. Rohan became a CMACS in IT Strategy and 
Management in 1997. 


ACS Project Management Specialisation 


Project Management (PM) is a creative problem-solving 
process that determines a project’s failure or success. 
Poor project management has been a contributing factor 
to the “credibility” problem of many IS/IT organisations 
and functional areas. Our PM specialist subjects cover: 


¢ Lessons learned from success and failures 
¢ Project management frameworks 

¢ Project context 

¢ Integration and initiation processes 
¢ Project planning 

¢ Project scope 

¢ Time management 

¢ Benefit and cost management 

¢ Human resource management 

¢ Risk management 

* Quality management 

¢ Communications management 

¢ IS/IT projects 

¢ Managing e-projects 

¢ IS/IT development methods 

e Advanced project techniques 


¢ Managing contemporary IS/IT projects such as ERP, 
CRM, DW, BI and KM projects 


DO YOU? 


“The CMACS program subject content is compiled by industry 
experts and gave me up-to-date knowledge on trends, legal issues 
and strategic insights that complemented my work and I was 
able to leverage value from it. The program had a good choice of 
specialisations in addition to the core subjects of IT Trends and 
Business, Legal and Ethical Issues”. 

Rohan was awarded Project Manager of the Year 2004 by the 
Project Management Institute (PMI) Australia. 


Other Specialisations include: 
¢ e-Business 
¢ e-Learning 


¢ Knowledge Management 


¢« Management and Strategy for IS 
* Software Development 


Core Subjects: 
¢ IT Trends 
¢ Business, Legal and Ethical Issues 


Get Certified 


The Certification Program is a Master’s level global learning 
program. Subjects can be credited towards graduate Diploma 
and master’s awards. Full credit is given for our subjects by 
our university partners. 


Flexible Enrolment 


Anytime - Anywhere Start Now! 


Call us on 1800 671 003 for a comprehensive 
brochure or to find out more. 


You can also email us at certification@acsvic.com 


For more information, please visit: 


www.acs.org.au/certification 


AN INITIATIVE OF: 


C> Certifying Your Specialist CT Knowledge 


Certification 
Program 


Australian Computer Society 
a 


12 


15 


17 


19 


26 


56 


58 


63 


65 


67 


OCTOBER/NOVEMBER 2004 


Cover story: Shift toward unified security emerges 


Centralised control becomes key as physical access systems 
merge with IT infrastructure 


Digital eyes and ears 
Keeping watch while you’re away 


Cross-eyed surveillance 
Local systems sets world benchmark 


Protecting critical infrastructure 
Terrorism is forcing security awareness 


Local telco billing system slashes costs 
Garnering interconnect call revenues — and saving money 


The long view on Longhorn 
The successor to XP is years away, but already raising heads 
Guiding our biggest e-government job 


Customs’ massive project calls for high-level nous 


Customs’ cargo management architecture 
What it is and what it does 


VoIP: the promise and the pain 
The six myths of IT 
Debunking beliefs that could trip up your tech strategy 


Why ICT needs emotionally intelligent team leaders 
— By John Batros 
Holistic education essential — to a degree 


Job ads demand interpersonal, non-tech skills 


ICT must drive transport’s future 
Intelligent Transport Systems as the next “big thing”? 


Better information for better business 
Profiling Cyril Brookes 


Standards need more rigour 
By Tom McBride 


ACS News 
Australian Computer Society initiatives, research and events 
COLUMNS 
2 Creating policy with legs 
— By Edward Mandla 


22 The transformation of search 
— By Bill French 


24 Opinion: The ECM revolution 
— By Graeme Philipson 


62 New membership categories swell ranks 
— By Dennis Furini 


Information Age | Octoper/Novewper 2004 | 1 


By Edward Mandla 


President, Australian Computer Society 


Creating policy 


with legs 


BY THE TIME you read this column, the federal 
election will have been decided. 

The good news is that, for the first time, 
I believe the Coalition, ALP and even the 
Greens are starting to understand the issues 
impacting our industry. 

We’ve covered new ground this year; 
after polling members on whether the ACS 
should invest in lobbying government, 97 per 
cent say that is absolutely what we must do. 

There are many advantages in coming 
from a zero base. We made a critical decision 
early that it was too late to influence the 2004 
election. We decided to be forward thinking 
and create policy with legs that would influ- 
ence the 2007 election. 


was when we launched it in May, and contin- 
ues to be quoted and referenced widely. 

When I wrote this column, Labor was 
clearly articulating support for the ACS Off- 
shoring Guidelines “as a useful and necessary 
test for Federal Government agencies and 
departments”. 

The Coalition also announced its strong 
support for best practice guides in this area, 
with Minister Coonan welcoming and 
encouraging the strong interest from indus- 
try in the ACS guidelines. 

One of the great advantages of having 
policy with legs is that you can keep point- 
ing people back to it and we’ve had plenty of 
opportunities to do just that. 


Our industry offers tremendous rewards, yet 
it has a reputation of making its professionals 
work long hours in relative isolation 


Creating policy with legs means getting 
the best brains into a room and expecting 
that they will do no work beyond that meet- 
ing. We have policy writers, facilitators and 
economists available to sketch out quickly 
what is and what isn’t possible. 

We then take the ideas to the member- 
ship for critical review, inviting feedback and 
opinions from a wide range of sources. 

I think our first example of policy with 
legs was Offshoring. Without doubt, this is 
one of the most complex and controversial 
topics in our industry, prompting an emo- 
tional response from many. 

The ACS represents members who work 
for offshoring companies and members who 
are making decisions to displace fellow Aus- 
tralians, while other members have lost their 
jobs because of offshoring, yet, through this 
minefield, our policy is as fresh today as it 


Stand by for several new policy initia- 
tives from the ACS, including one on work/ 
life issues. When the ACS staged a cocktail 
party at Parliament House last May, the then 
minister congratulated the Society for taking 
the initiative in this policy area, comment- 
ing that the Prime Minister was interested 
in seeing the outcome. 

Our industry offers tremendous rewards, 
yet it has a reputation of making its profes- 
sionals work long hours in relative isola- 
tion. 

Our daily job is to shape business prac- 
tices to make them more productive. We 
now need to shape our own industry to 
ensure we can keep existing workers chal- 
lenged and happy, while being attractive to 
prospective ones. 

Our working group found that happy 
employees are more productive and deliver 


higher quality work. We expect our policy 
initiaitves to not only have strong implica- 
tions for our own industry, but also enor- 
mous potential to be adopted by others. 

Working more closely with government 
has been a learning exercise. I’m pleased that 
the ACS has daily dialogue with both sides 
of government, either directly with ministers 
or indirectly, through our advisers talking to 
theirs. 

We decided to be solutions-oriented. 
This meant avoiding the temptation to criti- 
cise governments on everything, but rather 
seeking to understand their imperatives and 
be first in line to shape future thinking. 

It’s exciting; the more you work with gov- 
ernment, the more you learn and the more you 
have to say, and our opinions are being sought. 
In turn, we can use public forums like the media 
to influence the agenda and drive debate. 

The ACS media presence this year has 
been unprecedented and it is wonderful to 
hear from ACS members who are proud to 
see the ACS name consistently in the public 
domain. 

Last month, ACS history was made with 
the first ever advertisements promoting our 
profession on television and on Qantas 
flights. It has been part of our vision to com- 
municate what we do to ordinary Australians, 
encouraging them to be supportive of their 
children if they want to work in ICT. 

Equally, it was time to communicate to 
corporate boards and their directors what 
our profession does. This is part of a strat- 
egy to start influencing large organisations to 
iclude ICT professionals on their boards to 
provide that vital ICT knowledge and vision 
to inform decisions. 

Thanks for your support and encour- 
agerment for our ongoing efforts. I enjoyed 
meeting many of you at the recent ACS 
National Conference in Melbourne and 
always welcome your feedback. @> 


2 | Information Age | Octoser/Novemeer 2004 


5 
grr [ 
. Sot x 
say = | 
te han - 
reerol M 


Number one for choice. 


Centralised control becomes key as physical 
access systems merge with IT infrastructure 


WHEN DELAWARE STATE UNIVERSITY took a hard look at its campus-wide 
security systems in the late 1990s, it didn’t like what it saw. The school’s 1800 students used 
multiple passwords for various campus IT systems. They carried a mish-mash of identity and 
access cards for the library, residence halls, bookstore and cafeteria. According to CIO and 
Assistant Provost Dr Charles Fletcher Jr, “We were experiencing difficulty with keys and 
significant theft.” 

School officials set out to unite the university’s multiple physical and IT security systems 
with a single, campus-wide access card, which could be centrally administered and monitored. 
So in 2002, working with Siemens, Delaware State launched the DSU Smart Card, incorporat- 
ing a picture ID, barcode, magnetic stripe, RF (radio frequency) antenna and microprocessor 
to manage student access to the campus’s diverse physical and IT infrastructure. 

Fletcher claims theft is down almost 20 per cent and says the unified system makes it easy 
to trip alarms and immediately cut off access to buildings or networks. 

Welcome to the world of converged enterprise security. By linking physical access systems 
to IT security systems, organisations are laying the groundwork to ensure that the two systems 
work in concert, controlling access and fending off attacks, while providing greater efficiency 


in user provisioning and authentication. 


emerges 


ILLUSTRATIONS: RON BROWN 


Information Age | Octoser/Novemeer 2004 | 5 


“The No. 1 reason for interest in merging ? 
physical and IT security systems is provisioning” 


Vendors such as Siemens and Computer 
Associates already offer systems that moni- 
tor and correlate data from both physical 
and IT security sources. Although adoption 
in the enterprise is still in the early stages, 
it’s growing steadily behind the scenes, 
particularly at large financial services com- 
panies and in government, health-care, 
communications, and intellectual-property- 
intensive industries. 

Not only will the resulting converged 
systems make legitimate access easier, they 
will also dramatically raise the level of secu- 
rity intelligence by correlating physical and 
virtual data in real time to detect threats. 
These systems may sound an alarm when 
your machine is in use but you’re not physi- 
cally in the building. They may lock you 
out if you try to enter two buildings 150km 
apart in under an hour. They may automati- 
cally delete data on mobile devices that stray 


outside of a certain perimeter and are thereby 
deemed stolen. And they will be sure to log 
suspicious behavior for future analysis and 
potential prosecution. 

“Previously this was just a dream,” says 
Erik Layton, senior investigator at Pinker- 
ton’s worldwide IT practice group. “If you 
can integrate the identification of poten- 
tial anomalous behavior, you’re going to 
have a much more integrated approach to 
responding to risk, [resulting in] an exponen- 
tial increase in enterprises’ ability to thwart 
attack,” he says. 


Authentication: The enterprise- 
wide credential 

A key building block of the converged secu- 
rity vision — and one of its biggest benefits 
— is the ability to give employees a single 
enterprise-wide credential they can use for 
both online and physical access. Having one 


credential would provide convenience to 
users and would make it easier to centrally 
provision and administer user identities and 
authentication. 

“The No. | reason for interest in merg- 
ing physical and IT security systems is pro- 


’ 


visioning,” says Eric Maurice, director of 
eTrust Security Management at Computer 
Associates International. In most enterprises, 
these disparate systems don’t talk to each 
other, he adds. 

Such an enterprise-wide credential can 
take the form of a smart card or a combina- 
tion of a smart card plus biometrics, explains 
Sun’s director of Java Card Business, Peter 
Cattaneo. “I can now write a Java smart card 
applet, which can talk to my door or log in 
over the network. When you show up at a 
door, it just opens and your session is ready 
on the computer.” 

But the devil is in the details because 
of an immature but quickly evolving set of 
authentication technologies and the difficulty 
of getting large organisations to develop uni- 
fied processes to make sure a person is who 
their credential says they are. 

Enterprises must make trade-offs, for 


Biometrics move into the mix 


As physical and IT security converges, biometric devices, 
which measure human characteristics such as fingerprints or 
retinas, have so far failed to win a role as stand-alone authen- 
tication credentials due to their perceived vulnerabilities. They 
are, however, gaining traction as a supplement to smart 


to gain unauthorised access to physical facilities and 
IT systems. 

Biometrics offer advantages over smart cards in 
terms of convenience, says Novell Security Czar Ed 
Reed. “It’s easier to reach up and grab a fingerprint 
pad than to remove a smart card from a badge and 
slide it through a reader,’ he explains, noting that com- 
panies are increasingly using biometric authentication 
to supplement smart cards in sensitive network environ- 
ments. 

But individual biometric techniques such as palm, iris, and 
fingerprint scans have their weaknesses, not least of which is 
the relative ease of spoofing. “You can make a gelatin mould of 
a fingerprint and use it to fool a fingerprint reader under certain 
circumstances,’ explains Richard Hunter, research director at 
Gartner. 

“None of this stuff is private. It’s not a secret,’ agrees Sun 
director of Java Card Business Peter Cattaneo. He notes that 
the simplest way to beat biometric authentication is to “get 


a digital copy (of the biometric) and inject it into the network 
behind the sensor”. 

Gartner's Hunter says another issue with biometrics is they 
may only work well under controlled conditions. Facial geometry 


-sr. scans, for example, can be done at a distance but only at 
Dene Sees 


5 : fe. mie 
cards and passwords, which thieves can steal or falsify ae 


certain angles of approach and lighting levels. Hunter 
- also points out that for most biometric systems to work, 
a person's data must already be accurately entered 
into the database. 

“That question shows up in almost any authenti- 
cation scheme: Can you be sure the authentication is 
issued based on accurate data?” Hunter explains. 

Hunter expects biometrics to lag behind smart 
cards for enterprise authentication, except in high- 
security facilities, until a couple of high-profile govern- 

ment biometrics projects — such as the recently announced 

$US10 billion US-Visit border security program — provide proof 
of concept and scalability. 

Biometrics are expected to eventually live up to their long- 
awaited promise as the third pillar of the ultimate identity test: 
“something you have, something you know, something you 
are”. Ultimately, biometrics will be one of the most powerful 
and secure authentication credentials, experts say, but only in 
conjunction with other methods. “It won't be enough to just say: 
‘Here's my fingerprint. Let me in}” Novell's Reed says. 


a 


6 | Information Age | OctoBeR/Novemeer 2004 | 


collaborative 
technologies 


dedicated portal expertise 


THINKING ABOUT 

PORTAL? 
COLLABORATION? 
CONTENT MANAGEMENT? 


THEN YOU WILL RECOGNISE THESE STATEMENTS... : 


___ QO WENEED TO COLLABORATE WITH EACH OTHER 
__ Q MY MAIL INBOX IS CLOGGED WITH INFORMATION | DON’T NEED 
ot NEED TO SECURE ACCESS OUR SYSTEMS WHEN I'M NOT ON OUR NETWORK 
© WE NEED A SIMPLE WAY TO ACCESS ALL OUR SYSTEMS se 
© I CAN'T FIND THE INFORMATION I NEED TO DO MY JOB EFFECTIVELY 
© WHY DOI NEED L.T. TO PUBLISH THIS INFORMATION - WHY CAN'T | Do IT? 
_© WENEED A NEW WEB SITE THAT PROVIDES MORE FUNCTIONALITY _ 


Collaborative Technologies have solved these issues for 
many companies, ranging from small and medium businesses 
to large multinational blue-chip companies - both here and 
overseas. We have helped reshape the way employees do 
their work, improving efficiencies, lowering costs, streamlining 
processes and promoting a collaborative work environment. 


_ To learn more about our ore and services contact us on : 


Ph: (02) 9409 3200 _ Email: info@coll-tech.com.au 


Collaborative 2 Technologies Sydney | Brisbane | Melbourne | London 


Best practices for unified security 


When considering deployment of a converged physical and IT security 
system, enterprises should consider advice from industry experts. 


M@ Have a clear, strategic plan — including goals and expectations for deployment 
— developed with broad participation from multiple constituencies. 


lH Develop a clear set of corporate policies — monitoring, privacy, response, archiv- 


ing, and so on — to guide your deployment. 


HM Have an enterprisewide process in place, not just the technology, to handle identity 


and credential management. 


™ Clearly define the process for how the IT security and physical security teams 


will work together on incident response. 


i Make conscious trade-offs between user convenience and authentication strength, 
matching the level of security with the level of risk. Use multifactor authentication 


where possible. 


M Use your chosen authentication methods, such as smart cards, across as many 
applications as possible to get the maximum cost leverage. 


Hi Centralise credential management and identity provisioning. Link the identity man- 


agement system to your HR systems. 


Make sure all new physical security infrastructure complies with standards and IP 


protocols. 


H@ Build a long-term business case for deployment, and structure long-term vendor 
contracts, including maintenance and upgrades. 


example, between strong multifactor authen- 
tication and usability. Biometric authenti- 
cation methods such as fingerprint analysis 
are growing in popularity but have several 
issues (see Biometrics move into the mix, page 
6). Smart cards, which can combine legacy 
methods such as a magnetic stripe with 
stronger authentication on a microchip, are 
still costly, largely unstandardised, and can 
be stolen if left lying around. Other tech- 
nologies such as RFID (RF identification) 
and GPS (Global Positioning System) are 
just emerging as potential players in the 
authentication process. 

“Tt’s nice that people have so many differ- 
ent choices of so many different technologies 
to experiment with right now,” says Novell 
Security Czar Ed Reed. But he also points to 
inherent challenges when large enterprises 
deploy dual-purpose smart cards that ena- 
ble both online identity authentication and 
physical access. 

“There’s a disconnect if you have to 
take your smart card out and put it in a 
card reader, and you then have to get up 
and go to the bathroom,” Reed notes. “If 


you don’t have to have the card to go to 
the bathroom, you're susceptible to leav- 
ing the card at the workstation, and now 
you’ve just blown the whole purpose. It’s 
got to be more like your keys — you don’t 
leave the office without your keys because 
you can’t drive away if you don’t. Coming 
up with solutions to those types of issues is 
where the rubber meets the road with these 
integration efforts.” 

Organisational roles are another issue. 
Can enterprises make their centralised or 
federated credential management, role- 
based provisioning, and de-provisioning 
operable? “The technology isn’t the biggest 
part of the problem,” says Richard Hunter, 
research director at Gartner. “It’s setting up 
the mechanism to gather the data — and 
[having] the personnel to manage the sys- 
tems and the databases.” 

And finally, making integration invest- 
ments pay off requires wholesale adoption, 
explains John McKeon, a business develop- 
ment executive at IBM Global Services. “The 
ROlis typically not just in physical access or 
network access. [It involves] incorporating 


biometrics as a strong authentication tech- 
nology across a number of systems or smart 
cards — not just with security apps, but with 
other business apps, such as payment, loy- 
alty, vending, cafeteria, employee benefits, 
and parking”, he says. 


Monitoring and correlation 

After an enterprise-wide credential is in 
place, the heart of the converged security 
vision will be the ability to correlate and 
analyse physical and IT security data in real 
time and to take action based on that data to 
prevent unauthorised events and attacks. 

Pinkerton’s Erik Layton, who also runs 
online security, tells of a recent incident at a 
large company where a coordinated approach 
could have averted millions of dollars of 
losses. 

“We had a case where an organisation 
was attacked by an external distributed denial 
of service attack,” Layton recalls. “Simultane- 
ous with the DDoS attack, there was a physi- 
cal theft of intellectual property within the 
organisation — multiple millions of dollars 
worth of customer information and critical 
plans for future development. The net result 
of the investigation was that the success of 
the theft was in large measure because the IT 
security staff's eye was taken off the ball by 
trying to prevent the DDoS attack.” 

Layton believes that if the right rules 
had been in place across a converged IT and 
physical security system, the organisation 
could have thwarted the property theft by 
shutting down physical access to certain crit- 
ical systems when the external servers came 
under attack. “Where these types of moni- 
toring systems will have the most impact is 
handling internal risk,” he asserts. 

Mark Cherry, product development 
manager at Honeywell International, agrees. 
“Access control will typically help a customer 
keep people segregated from areas, based on 
their work roles.” 

Before an organisation can implement 
a system to monitor and respond to the 
actions of its employees, it must develop an 
acceptable set of policies to be scripted into 
a rules engine governing data collection, 
activity-pattern analysis, anomaly detection, 
and archiving. As with most security systems, 
converged systems will do only what the 
corporate policy rule book tells them to do. 
The issue of how to respond to incidents, for 


8 | Information Age | OctoBer/Novemser 2004 


example, is always tricky. A converged system 
might execute certain automatic responses 
to an apparent combined physical and cyber 
threat, such as recording a video clip for later 
review. 

But Glenn McGonnigle, CEO of Vis- 
taScape, a video surveillance software com- 
pany, says that most incidents still require 
a policy-driven escalation process involving 
human beings. 

“Several years ago, we had systems that 
could respond to an attack by dropping a con- 
nection or shutting off a firewall,” McGon- 
nigle says. “But customers weren’t ready for 
that. They didn’t want those systems to take 
that action without oversight.” 


Connecting the physical systems 

All the benefits of converged security 
— more convenient authentication, more 
efficient provisioning, and better threat 
detection — assume that an enterprise’s 
physical access systems are IP-enabled and 
can share data across a network, which is 
not always the case. Devices such as locks, 
badge readers, and surveillance cameras 
have traditionally run on proprietary leg- 
acy networks and protocols and are hardly 


ever upgraded. This has begun to change 
as enterprises look to economise by sharing 
digital infrastructures. 

“The industry is going more and more to 
open protocols because customers want to be 
able to share data at enterprise levels across 
the organisation,” Honeywell’s Cherry says. 
Although physical access systems increas- 
ingly use common protocols such as LDAP 
or SQL database back end, their adminis- 
trative software dashboards, called panels, 
are still largely proprietary and don’t easily 
interconnect with other systems. 

“The biggest challenge really is the 
lack of standards. The panel manufactur- 
says CA’s 
Maurice, who is also executive director of 
Open Security Exchange (OSE), an industry 
group formed to develop common APIs for 
physical-systems functions, including user 


ers are not working together,” 


provisioning and privilege management. 
OSE is working with the Security Indus- 
try Association, which is launching a Data 
Modeling for Access Control workgroup to 
address similar issues. “I think we are a year 
away at least from getting such a standard,” 
Maurice says. 

Another challenge is that when a 


Merged security prompts privacy fears 


In George Orwell's classic novel, 1984, surveillance devices 
constantly monitor the citizens of Oceana, and Big Brother con- 
trols their movements. Orwell may have missed his target by 
about 20 years, but parts of his ominous vision are imminently 
more possible now that physical and IT security systems are 
merging. 

Consider the network-connected door lock, which grants 
employees entry based on their identity or behaviour according 
to policies that reside in a rules engine. That same door lock in 
theory could keep a person locked inside — say, until the end of 
his or her shift. Or consider biometric sensors and surveillance 
cameras, which can track your every move inside a building and 
develop a composite picture of your behaviour, including your 
online activity. 

Extreme? Maybe, but many questions remain as to how con- 
verged systems and the data they generate will be used. Few 
companies are willing to speak publicly about deployments of 
converged physical and IT security systems, says Eric Maurice, 
director of eTrust security management at Computer Associ- 
ates. “They're concerned about the perception the system will 
create with their own employees — the fear that this kind of tool 
will be used to monitor everybody in real time.” 

Mark Cherry, global product development manager of Hon- 
eywell’s Enterprise Building Integrator product, says privacy 


issues are a moving target linked to public sentiment end leg: 
islation. “You're always dealing with the civil liberties aspects — 
of this,’ he says, noting that companies in some Scandinavian — 
countries must, by law, expunge data on pep loves access 
activities within 30 days. 

In the United States, privacy advocates backed off < some a a 
their demands in the wake of Sept. 11. “But as time passes, _ 
the more relaxed people will become (about security measures). 
We're already seeing it” Cherry adds. He notes that some busi- 
nesses, such as pharmaceutical and health-care companies, are — 
required by regulators to collect information about employee i 
activities. But at many companies, monitoring is not viewed as” 
crucial. “If you’ re in a warehouse pushing out paper, you prob- 5 
ably don’t need to track everywhere John has been?’ he | says. 

Other approaches to protecting employee privacy include 4 
keeping biometric data on a smart card as a private key rather — 
than in a central Gatabase and carefully limiting access 3 to cer- 
tain data. 

At Delaware State University, for example, in adaition to i 
having strong, publicly posted privacy policies, the IT depart- 
ment does not have access to data about students’ physical — 
movements around campus, explains Dr Charles Fletcher Jr, the - 
university's ClO. “We try to keep that separate,” he explains. 
“That makes a aucngs peley’ eee. 


Information Age | Octoper/Novemser 2004 | 9 


oducts such as surveillance c 


database 


Physical security ee 


Physical security 


Smart {1D 
credential 


Security door 


physical access system has been IP-enabled, 
it becomes more vulnerable. “These sys- 
tems become vulnerable to identity spoof- 
ing and session hijacking,” Maurice notes. 
“A bad guy can remotely monitor your loca- 
tion by using your own camera, and you 
will not know.” And in one recent case, he 
adds, an upgraded physical-access system 
running Microsoft’s SQL database on the 
back end became infected with SQL Slam- 
mer, partially shutting down the system and 
preventing administrators from adding or 
de-provisioning users. 


Bridging the cultural divide 

A final piece of the converged security puzzle 
involves getting IT and physical security per- 
sonnel — who often have different perspec- 
tives, priorities, and reporting relationships 
— to work well together. “The guy tasked 
with catching a hacker has a different skill 
set than the guy tasked with catching a guy 
climbing a fence,” VistaScape’s McGonnigle 
notes. 


10 | Information Age | Octoser/NovemBer 2004 


server 


“The primary function of IT security is 
to make sure the system works, keeping the 
system up and running,” CA’s Maurice says. 
“Whereas the physical security guys say we 
need to maintain the chain of evidence, we 
can’t use this computer any more. On the 
one hand, you have people who deal with 
cheaters and thieves and physical danger, and 
on the other hand, you have young propeller 
heads.” 

This power struggle has not played out 
yet. “Neither side wants to give up owner- 
ship and management of identity,” Novell’s 
Reed says. “There are politics involved, 
having to do with who’s authoritative and 
whom the various [departments] of the 
organisation trust to feed them update 
information.” 

But VistaScape’s McGonnigle thinks 
both sides are gaining the other's respect as 
they increasingly share the same infrastruc- 
ture and become more reliant on each other. 
Honeywell’s Cherry agrees, noting that IT 
staff must rely on security personnel to 


Surveillance camera 
x, 


IT security 
platform 


safeguard their own physical infrastructure. 
“Somebody going in and throwing a wireless 
LAN device into a wiring closet is a security 


manager’s worst nightmare.” 

Whether and how soon the vision of con- 
verged physical and online security systems 
will become reality at most large enterprises 
remains to be seen. But today, key building 
blocks are falling into place, advancing the 
vision, from smart cards and correlation 
software to IP-enabled access systems and 
surveillance devices. 

As DSU’s Fletcher notes, however, one 
thing is unlikely to change in a converged 
security world. “There’s no perfect system.” 
IT managers should set their expectations 
accordingly. He also emphasises the impor- 
tance of having trained, competent staff on 
both sides of the house involved in a con- 
verged security project from start to finish. 
“You don’t want to outsource this,” he insists. 
“You need people who are committed to your 
corporate plan. They must have some skin in 


the game.” > 


~~ NATIONAL GEOGRAPHI Sy ON. 
Thanks to IBM digital nedia Solutions, 
: sOurcing thousafids. of photos now 


éak times. At any time. E*Trade 
makes it happen. Scalable systems 


Over 700,000 songs strong. And 
/ |BM is ‘helping “students get the 
~ susic they want without swamping 


h has. huge ae And 


a “S.@ takes hgurs instead of months. 


he Bil ISON. Fast. trades. 


from IBM help make it possible. 


f NAPSTER IS ON. Napster is back., 


rs uiliversity networks. 


1 IS*-ON. Micrdécbpic a 
elf-assembling chips. “I 


wand Bienes and the On Demand Business Fae are (rod BRics' or registred ‘ydodnarks i sat al usinéss. Machines Corpd alia int ale Pes, countries or: = 


mains may, be ‘trademarks or service marks. of others. GCopyright. 1BM Austral 


On Demand ‘Business is abo 


cd z 


transforming your. Filsiness so it responds 
quickly to ever-changing levels of competition, customer expectation and 
market flux. This means rethinking how processes, people and information wenn t 
are integrated across yout company. Rethinking rigid, costly’ or commodity 
‘processes. Replacing them with flexible, “integrated designs. Either in- 

house or with partners. One step at a time, building. ROL upon RO. IBM 
understands all the pieces that need to be integrated: Today, IBM is. boiiessoces 
the world’s largest business consultancy and the world’s largest technology Seis 
company, with deep experience across 18 industries. We help clients thrivé.7= 
We can help you, too. Bed 


ey 


It’s an an demand world. Be an On Demand Business. To! talk to us, ist a s if z 
ibm. ¢om/au/ondemand f 


Tod 


SS 


= * if 

f A <a — S Se, 

/ y Pete nee a a a 
f j ta Teal = nt ae 
J / Lee eal en Tok ~AQ Saat Se is 

» » MEN 
/ i: \ \ Ringe 


Z 


nited Auras ‘AB 0: 4 733. Copyright IBM, Coiporation. 2004. ‘All “ s reserved. IBM 
3, y \f : eh \ wae Ns AY 
/ WN) hs ws X aS ) 04 
HL nh " } VAI EAGANS Sen ante; 


IP surveillance systems keep 
watch while you're away 


By Oliver Rist and Brian Chee 


LEVERAGING YOUR EXISTING 
NETWORK to act as a security system is 
certainly cost-beneficial, from both the hard- 
ware and staffing perspective. But it’s also a 
way to beef up security. [P video-surveillance 
systems offer features far more advanced 
than what you can get from standard analog 
CCTV (closed circuit TV). It’s no wonder 
these systems are becoming increasingly 
popular in the enterprise. 

We recently put two IP surveillance 
management systems to the test: Axis Com- 
munications AB’s ACS (Axis Camera Station) 
is a functional yet low-cost camera manage- 
ment system, whereas On-Net Surveillance 
Systems’ NetDVR-64 clearly represents the 
high end of this market, boasting an amazing 
set of features and a price to match. Our tests 
brought to light several important factors for 


you to consider when choosing and imple- 
menting a surveillance management system. 

First, you will need high-performance 
hardware. Although fairly heavily muscled, 
the test machines we used in this review were 
often put under severe disk and CPU strain 
when performing advanced functions such as 
date-and-time-based searching. 

Second, you will need plenty of stor- 
age. Even when we only recorded events at 
a rate of just 10 frames per second (a low 
frame rate that still provides image quality 
high enough for facial recognition even at 
a dead run), we stored more than 1.5GB of 
data per camera per day. Multiply that by 
100 cameras, and the storage requirements 
for recording 24/7 would quickly eat you out 
of house and home. Configuring cameras to 
transmit live images at a constant rate while 


recording only a small number of images can 
save lots of disk space. 

A third thing to keep in mind is the secu- 
rity of the camera itself. Password protection 
is important, but so is defending these appli- 
ances against network threats. Wireless cam- 
eras are especially vulnerable to DoS attacks, 
and relatively few camera manufacturers have 
taken this into account. 


Axis Camera Station 
Axis Communications sent us its ACS 1.0 
software package and two cameras, the tiny 
but powerful Axis 205 and the full-featured 
Axis 210. ACS is designed to run as many as 
25 Axis cameras from a single management 
or surveillance console. 

We installed ACS on a Hewlett-Pack- 
ard workstation equipped with a 2.4GHz 


12 | Information Age | Octoser/Novemeer 2004 


High Quality y) 


NetDVR-64’s Web console allows remote users to 
click among camera views; control pans, tilts, and 


zooms; and view live or recorded video 


Intel Pentium 4 CPU, 512MB of RAM, 
and a video subsystem centred on 128MB 
of dedicated video memory. The system was 
running Windows XP with .Net installed, 
as ACS requires. Your initial ACS licence 
will cover 10 cameras, but additional cam- 
eras can be added in single- or five-camera 
increments. 

ACS is capable of scanning any single 
range of IP addresses or a full subnet in 
search of cameras to manage. In our case, 
we had it scan three different class-C sub- 
nets. ACS first uses a simple ping to find IP 
addresses that are active and then performs a 
more intensive scan for video cameras culled 
from that subset. This works fine, but to 
keep it working, you can’t have ICMP (Inter- 
net Control Message Protocol) ping filters 
between you and your cameras. The upside 
is that you don’t need static IP addresses on 
your cameras, just on the ACS console. 

One of the things we liked about ACS 
is that it doesn’t require cameras to sup- 
port motion detection. All you need is an 
active camera, and ACS will allow you to set 
desired motion-detection areas using on- 
screen squares; you simply place them over 


Motion: detection settings 


& Set grid... 


2 eee 


To add grids, cag mith the heft. button Te %0 wah 
Haeet, OXI 'o remove grids, deg 


wai eee 


Axis Camera Station can detect motion within 


specified areas of an image and lets you set 
thresholds for alerts and recording 


those portions of the image where you want 
to detect movement. You can also detect 
motion using IR (infrared) sensors placed 
around the room, allowing the camera to 
follow someone walking through the room 
by keying on each IR device. 

ACS’ playback feature is also nicely 
equipped. The user interface is identical to 
the monitor view and is capable of doing 
video playback on multiple cameras simul- 
taneously after a short disk-access delay. 
Although our HP workstation is fast, we 
might have improved performance by install- 
ing faster disk drives. 

Video is searchable by date and time and 
can be accessed on a single- or multiple-cam- 
era basis. In multiple-camera mode, a search 
will automatically sync all the camera views 
to the specified date and time — very handy 
in forensic investigation. A word of caution: 
Each camera maintains its own time clock 
for this purpose, so having an accurate NTP 
(Network Time Protocol) server available on 
the LAN is a must for accurate searching. 

If we have a complaint about ACS, it 
would have to be performance. The HP 
workstation we were using is well beyond 


forensic investigation 


In multiple-camera mode, a search will 
automatically syne all the camera views to 
the specified date and time — very handy in 


Axis’ suggested configuration, yet when we 
asked for a particular camera’s view, ACS 
would sometimes take as long as several min- 
utes before the new window would appear 
on the screen. More importantly, video 
searching is extremely CPU-intensive, and 
it sucked up nearly 100 per cent of our CPU 
capacity despite the fact that we were run- 
ning a CPU twice as fast as the one recom- 
mended by Axis. 

Although we expected compatibility 
issues, it was nevertheless disappointing to 
learn that ACS will only work with Axis’ cam- 
eras — and then only those that run firmware 
Release 2.34 or later. Being able to drop ACS 
onto an existing cadre of IP cameras would 
have been great, but if you’re designing an 
IP surveillance system from the ground up, 
this limitation doesn’t mean much. 


On-Net’s NetDVR-64 
NetDVR competes at the high end of the 
camera management market. Its advantages 
over ACS start with hardware independence. 
NetDVR supports several IP camera plat- 
forms as well as analog CCTV cameras, a 
feature that will clearly ease the migration 
burden from an older security system. 
NetDVR also supports a multiple-dis- 
play monitor system on the installed console, 
although we feel sure we could make ACS 
support this feature as well. NetDVR pro- 
vides as many as 64 recording channels per 
console, whereas ACS tops out at 25. Net- 
DVR also has ACS beat hands down for ease 
of searching and basic organisation. 


Information Age | Octoser/NovemBer 2004 | 13 


| 
Swiss-army security camera 


IMobotix M10 has features to burn but doesn’t play well with others 


The Mobotix M10 is the Rolls-Royce of IP surveillance cam- 
eras. From the high-quality stainless steel mounting brack- 
ets to its expansive internal software support, the M10 is a 
high-end surveillance junkie’s dream. However, until third- 
party management console vendors support Mobotix cam- 
eras (On-Net Surveillance Systems plans to do so), the M10 
will remain suitable only in scenarios that require a limited 
number of cameras. 

The M10 was originally designed for European 
ISDN links. Alas, some of its coolest features — 
such as audio monitoring during an alarm and even 
telephony capabilities, thanks to a built-in speaker 
and microphone — work only via ISDN. (We were 
also unable to get the M10 to work with a “standard” 
power-over-Ethernet switch.) Still, the M10 demon- 
strated a respectable arsenal of features that we were 
able to implement without an ISDN connection. 

Most impressive is the M10’s vast array of triggers 
and events, including IR (infrared) received from any standard 
IR remote control; IP-based triggers on any TCP port; serial 
triggers through data logging and string comparisons; light-, 
noise-, and temperature-level triggers; video motion in a specific 
area of the camera view; and even a passive IR detector built 
into the unit. 

In short, getting past this camera is a job for Impossible 
Missions Force. And if the built-in triggers aren't enough for 
you, remember that this camera runs embedded Linux, which 


Dd . 


50 


means there’s a programming interface you can use to create 
custom triggers. 

The biggest issue in an event-triggering scenario is sorting 
through the mass of video that gets stored on your server. To 
make this job easier, the M10 can modify the images saved dur- 
ing a triggered event by changing the frame colour, inserting an 

alarm icon into the frame, adding colour bars to the top 
or bottom of the screen, or adding a coloured ball 
to the screen’s corner — whatever works to bring 
that set of frames to your attention when you are 
reviewing the video. 

In addition, when an event occurs, the camera can 
trigger a circuit for a specified number of seconds or 
@; minutes (read: sound a siren), or it can trigger multiple 

FTP sessions to primary and secondary FTP sites. Or 
it can trigger both. And of course, it will send an alert e- 
mail as well. While we’re on the subject, the M10 can actually play 
recorded sound files as your alert message; these alerts can also 
be called in through the ISDN phone line. Plus, you’re not restricted 
to a single message setup, meaning the system is designed not 
only to phone the police but to contact you as well. 

Frankly, we loved the Mobotix M10. Its only shortcomings 
are that it’s too reliant on ISDN connectivity and that it isn’t 
supported by NetDVR and other camera-management con- 
soles. Until a compatible management console comes along, 
the Mobotix M10 will be a monster to configure in a high-density 
implementation. 


ns Wmaaaaaaamaaaamaaamams eae acamamaaaaaaaaamaaaaaaamaacaaeaammaaacaamamaaaaaas acca, 


Whereas ACS provides simply a list of 
cameras with user-defined names of their 
locations, NetDVR can be integrated with a 
floor map of your building, allowing users to 
click through each floor and select individual 
cameras on a point-and-click basis. From 
here, users can search through an individual 
camera’s log for past events or saved video. 
Even sweeter, the alarm system can bring up 
events in a hierarchical structure of a Net- 
DVR installation, allowing a single security 
officer to monitor multiple sites from a sin- 
gle console. 

Searching with NetDVR was notice- 
ably faster than with ACS, probably because 
NetDVR places all recorded video into a 
database. This allows not only for faster 
date-and-time searches but also for NetD- 
VR’s search feature to be integrated with 
other applications, such as a point-of-sale 
system. This would allow you to sync image 
searches with specific cash register transac- 
tions or click on a particular transaction and 
find the appropriate video slice. 


Other add-ons include the ability to 
integrate in the iPix video enhancement soft- 
ware, which allows you to store a 360-degree 
view from a single camera — handy for both 
surveillance and Web presentations. 

NetDVR is an expansive product that 
cannot be done full justice in this small 
space. The company has put much thought 
and effort into making this system a viable 
replacement for traditional analog video-sur- 
veillance systems without forcing a forklift 
upgrade to IP-based cameras all at once. 

Because this system integrates so well 
with various types of video systems — 
through the use of either Axis or Sony cam- 
era servers — it allows you to move gradually 
from analog video cameras to high-resolu- 
tion IP cameras. Given its feature set and 
broad compatibility base, NetDVR may be 
most folks’ best choice, unless you’re opting 
for an all-Axis solution right off the bat. 

ACS’ software has an advantage over 
NetDVR in that it can scan a specified 
subnet for cameras, thus handling DHCP 


better than NetDVR does. But because this 
capability is limited to Axis cameras, the 
advantage is not a big one. Furthermore, 
ACS is based on ActiveX and thus suffers 
from bloated DLL-swapping syndrome, 
resulting in window changes and button 
clicks that feel slow even on respectable 
hardware. Running on the same machine 
and using the same cameras, NetDVR was 
snappy by comparison. 

Finally, although ACS is the clear winner 
on price at $99 per camera, which is about 
one-third the cost of NetDVR, ACS provides 
limited scalability. NetDVR supports much 
larger installations, and because it can handle 
most (but not all) popular high-end IP cam- 
eras, it gives customers more flexibility in 
designing their IP surveillance systems. 


Oliver Rist is a senior contributing editor of 
InfoWorld. Brian Chee is associate director and 
founder of the Advanced Network Computing 
Laboratory at the University of Hawaii’s Depart- 
ment of Information and Computer Sciences. 


14 | Information Age | Octoser/Novemser 2004 


ChOSSsEWED R= 
SURVEILLANCE ~ 
SYSTEM 


sets WWII SECURITY 


An Australian-developed three-dimensional video 


detection system has taken automated surveillance 
to new levels of control and sensitivity 


UNIQUE AUSTRALIAN surveillance 
technology which uses three-dimensional 
video coverage has been adopted to secure 
Malaysian prisons and is gaining acceptance 
for industrial, defence and commercial secu- 
rity here and abroad. 

Developed by Sydney-based Practel, 
already established as a builder of analog 
and digital broadcasting technology, its 3D 
Sense-Eye system uses two or more cameras 
operating together to give almost infinite 
security control over an object or area. 

As traditional two-dimensional CCTV 
systems protect an area by placing a detection 
grid over it, movement in front or behind the 
area can trigger false or nuisance alarms when 
a single camera detects intrusion into its viewed 
area. Customers getting between a chemist 
shop camera and grid-protected drugs on a 
shelf can set alarms off, however innocently. 

Sense-Eye’s world-patented multiple 
camera system also uses a user-drawn detec- 
tion grid, but its virtual width and depth 
perception created by two or more cam- 
era views alert administrators only when a 
secured object is actually touched. Forklifts 


benchmark 


Look, but don’t touch; detection grids can be prioritised for 
any object. 


for example can move around an object in a 
warehouse without triggering an alarm. 

Shoplifters intent on stealing drugs will 
raise no alarm until they reach out to grab 
them: Sense-Eye’s second camera, watching 
along an axis at 90deg to the first, will detect 
the reaching and create an alert. 

Typically, the Sense-Eye system will link 


eight or 16 cameras on a TCP/IP LAN via 
Practel’s Zenith control system to a standard 
PC running Windows 2000 or XP. Practel’s 
software will display either single or multiple 
images as stills or video, its algorithms com- 
bining data from any of its multiple cameras 
to create an alert when there’s movement in 
any detection zone. 


Information Age | October/NovemBer 2004 | 15 


“Someone gazing at a dozen monitors 

connected to single cameras will start to 

miss security breaches after about 20 minutes on 
the job; there’s just too much to look at 

and efficiency rapidly falls 


Intrusion detection sensivity can be set 
by Sense-Eye’s administrator (above), 
and its two-camera set-up will detect 
intrusion, along, over or behind a fence. 


Depending on the placement of the 
cameras, an almost infinite level of detection 
can be created. Using a mouse, the operator 
draws a detection grid over secured objects, 
or a simple don’t-cross line, on the PC’s 
monitor and sets a number of parameters. 

Priority can be given to secured objects 
or areas by ascribing one of 16 colours to 
its detection grid, the number of cameras 
devoted to each, how many of them need to 
detect motion to raise an alarm, and the speed 
and size of any target. 

Grids can be drawn and light sensitiv- 
ity set to compensate for moving shadows as 
the sun crosses the sky, wind-driven camera 
movement and weather conditions. Cameras 
sample lighting condition several times a sec- 
ond and automatically adjust to changes. 

The speed/size function, combined with 
pre-set time schedules for each secured area, 
allows administrators to configure the system 
to significantly reduce the number of false or 
nuisance alarms: People, cars or forklifts may 
be allowed to enter a warehouse, but something 
bigger like a truck will trigger an alarm. 

Any movement by any object at times 
when none should be expected will also ring 
bells. Similarly, small objects like birds flying 
through a detection zone can pass without 
alarm, but anything bigger than a rabbit 
approaching a security fence line, or mov- 
ing along it, will raise an alert. 

The multiple-camera set-up allows an 
operator to see whether a target is inside 
or outside a fence and whether they have 
touched it or are trying to dig under it. 

This feature is useful on railway plat- 
forms where a no-go grid can be put along 
its edge. Passengers getting too close to the 
tracks will trigger an alert, but putting, say, 
a briefcase in it may not. 

Alerts can be flagged on-screen but can 
also trigger a public announcement recorded 


as a Windows .wav file which will warn intrud- 
ers to stand back. In an art gallery, individual 
pictures can have grids drawn across them to 
be watched by cameras at each corner of the 


room, while three or four cameras may home 
in on a free-standing sculpture. 

Touching the sculpture may be allowed, 
but hug it as if trying to lift it and its custo- 
dians will know. Electrical engineer Nenad 
Radoman, Practel’s CEO, says the system’s 
high levels of automation are designed to 
compensate for fatigue, leading to attention 
lapses, in security operators: 

“Someone gazing at a dozen monitors con- 
nected to single cameras will start to miss secu- 
rity breaches after about 20 minutes on the job; 
there’s just too much to look at and efficiency 
rapidly falls. With Sense-Eye generating its 
alerts automatically, operators can concentrate 
on them as they occur, and because of the simple 
networking protocols used, unmanned remote 
sites can be monitored on a laptop with Web 
connections in a hotel room if need be.” 

Sense-Eye can be deployed as a stand- 
alone system, in addition to any pre-installed 
analog or digital surveillance set-up, or inte- 
grated with it. “Sense-Eye doesn’t care what 
cameras it uses or what kind of network it has 
to connect to; it can handle mono or colour 
images whether analog or digital, standard, 
infrared or light-enhanced — and will store 
time-coded data on its own hard drive or on 
any external server.” 

Practel has a sales office on Sydney’s 
northern beaches, and its R&D and custom- 
ising facility in Adelaide. Further informa- 
tion at www.practel.com.au 


16 | Information Age | OctoseR/Novemper 2004 


Protectin 


critical 


IMARASTRUCTU 


Terrorism is forcing private sector security awa 


A By Allen Fleckner 


FOR DECADES Australia has, through a 
mix of isolation and good fortune, been able to 
avoid the destruction that terrorism can inflict 
on society. Now, however, with the threat very 
much a reality, what message must we send 
to the masters of the bomb and bullet? From 
critical infrastructure operators the message 
must be clear, and convey a statement to ter- 
rorists that the business sector is determined 
and prepared to counter their efforts. 

With the introduction across all states 
and territories of new legislation to protect 
against terrorism, there is now a specific 
compliance requirement that must be met, 
demanding operators provide measures to 
both minimise the likelihood of a terrorist 
incident, and mitigate the resultant damage 
should such an event occur. 

Under the terms of the National Coun- 
ter Terrorism Agreement, Victoria alone has 
identified and developed a database of more 
than 600 items of critical infrastructure. 

The operators of these assets, having 
been declared Essential Service Providers, are 
then deemed to require the development of a 
risk management plan, the main objectives of 
which are: to prevent terrorist acts in relation 
to the declared essential service, to mitigate 
the effects of a terrorist act, to recover the 
service from a terrorist act, and to ensure 
continuity of the service at all times. 

What are the ramifications for those 
responsible for security within such facilities? 
With high-profile or trophy buildings often 
presenting more probable targets, both phys- 
ical and cyber security has an increased duty 
of care to address potential security lapses 


and weaknesses. Managers must examine and 
consider the nature and the likelihood of a 
terrorist incident either in their facility, or 
close by, and take steps to defend against the 
risks and consequences of such attack. 

Failure to discharge this duty will leave the 
company exposed to legal liability, but equally 
as damning for the business will be the anat- 
omy of blame that follows. This is the resultant 
expectation that the company should have fore- 
seen the risk, and prepared itself to deal with 
it. If management wasn’t prepared and thus 
couldn’t respond effectively, or effected deci- 
sions that worsened the outcome, corporate 
governance culpability could readily arise. 

Another emerging legal theory, ‘negli- 
gent failure to plan’, can find employers neg- 
ligent if they do not take reasonable steps to 
eliminate or diminish known or reasonably 
foreseeable risks that could cause harm. Fol- 
lowing recent terrorist spectaculars, the range 
of known hazards is widely perceived to have 
broadened. In fact, all kinds of incidents that 
could affect an organisation should be consid- 
ered, and the organisation itself needs to be 
able to anticipate elevated degrees of danger 
in order to step up their level of preparedness 
through suitable response planning. 

With increasing private sector owner- 
ship and management of utilities and essential 
services, governments are developing a coor- 
dinated approach to the protection of criti- 
cal infrastructure. A policy of nurturing risk 
management and cooperative planning within 
the private sector, which integrates disaster 
recovery planning and business continuity 
planning, is their preferred methodology. 


hie 


\ 


= 


The thrust of this campaign is to place the 
onus with the private operator and adapt an 
overseeing role for the assigned government 
agency to ensure appropriate best practice 
is met, and benchmark security standards 
reached. 

In these circumstances, critical infra- 
structure security managers need to merge 
the organisational and functional elements 
for both IT security and physical security to 
establish an effective systems security program 
to provide functional asset protection. How- 
ever these two areas are often at different poles 
within the business process. Knowledge gaps 
often exist that allow inherent weaknesses to 
flourish within the company. Organisational 
size often dictates that both of these ele- 
ments are represented as a “clip on” function 
to other departments such as HR or OH & 
S. It is important therefore that organisations 
establish and appoint one person with the 
ability to speak for both areas. Lines of com- 
munication need to be established directly to 
the upper echelon of corporate management 
and the support of senior executives secured. 
Without this level of support, security culture 
improvements would flounder. 

To effectively create the one-stop secu- 
rity solution, both the physical security and 
IT security elements must already be estab- 
lished with suitable objectives, key person- 
nel roles, responsibilities and duties defined. 
Both areas share similar characteristics and 
vulnerabilities, however technical skill sets of 
personnel vary between them. Recent trends 
suggest that both the core elements of IT 
security and physical security are converging, 


Information Age | Octoser/Novemeer 2004 | 17 


but still have a way to travel before key per- 
sonnel have the individual capacity to cover 
the knowledge required for both areas. How 
much physical, IT and risk management expe- 
rience are needed in the mix has not yet been 
defined, but as broad a skill set as possible is 
desirable. 

Security is about educating the business 
leaders of the threats the organisation faces, 
the likely negative consequences and costs 
of those threats, and the necessary control 
measures that need to be implemented as 
effective safeguards. 

To raise the security culture of the 
organisation it is important to develop an 
omnipresent security program that pro- 
motes effective security as an essential busi- 
ness reality, which avoids a weaker security 
stance based on the dangerously outdated 
notion that it “won’t happen to us”, improves 
lines of communication directly through to 
executive level, and in turn coordinates an 
approach to integrate physical security, infor- 
mation protection, and risk management. 


a rational business oriented decision. To take 
a proactive stance, or outline the process of a 
reactive stance — or combination of both — to 
control, mitigate or even accept the risk. Effec- 
tive business solutions can then be based on 
sound principals of cost benefit analysis, allow- 
ing for and considering the real “cost” of the 
human factor alongside the purely empirical 
aspects of the organisation. 

Ultimately, examination of company 
antecedents for the current security profile 
may reveal areas of security that need rein- 
forcement and assistance in development of 
the determined counter assurances, and to 
allow effectual change of the security culture 
across the organisation’s business functions. 

The vulnerability assessment is perhaps the 
most important step in the security planning 
process. In the current context of mitigating 
against terrorist attacks, care must be taken to 
ensure that the assessment is correctly focused 
on identifying how a potential attacker could 
take advantage of any given opportunity. The 
subsequent security planning and its effective- 


With increasing private sector ownership and 
management of utilities and essential services, 
governments are developing a coordinated 
approach to the protection of critical infrastructure 


With these elements in place, the real 
work can then begin. Both the physical and IT 
security aspects of the business must converge, 
recognise each other and put aside territorial 
issues for the greater good of the organisation. 
Each must be aware of the other’s threats and 
vulnerabilities and their interdependencies. 

The first stage in the process is to utilise a 
sound risk analysis process as a tool, tempered 
by the parameters set by the scope of task to 
form the foundation of a systems security pro- 
gram. The first blocks are laid by identifying 
the assets to be protected, the real threats to 
those assets, probability of those threats even- 
tuating, and understanding the subsequent 
impact or consequences to the business. 

A structured approach through threat 
identification and determination of the likeli- 
hood of occurrence help determine the true 
“expected cost” from any given occurrence. 
This in turn allows management to arrive at 


ness for providing a protective solution are 
directly related to how effectively the vulner- 
ability assessment was performed in the first 
instance. The first analysis is often the most 
costly in dollar terms, due to a lack of ground- 
work or security presence in the company, but 
subsequent assessments can be based on the 
knowledge gained of the business environment 
and processes that have been recorded in this 
first instance. Then, in order to remain truly 
effective, the analysis must be a recurring proc- 
ess that keeps abreast of new threats and risks 


and methodologies to combat them — as 
they arrive. The need to provide for the chang- 
ing risk environment is probably best illustrated 
by the process of terrorists deploying improved 
weapons and methodology to attack assets, 
and security planners upgrading the protective 
measures to resist those weapons, not in dissimi- 
lar fashion to a conventional arms race. Previous 
terrorist campaigns, such as that waged by the 


Provisional Irish Republican Army (PIRA) in 
Northern Ireland, reveal a process whereby the 
PIRA attempted to gain control by increasing 
the size and capacity of their arsenal. 

Early in their campaign small hand- 
delivered bombs, small arms and other small 
hand-held type devices were the order of the 
day. These were followed by small car bombs 
(typically 150kg). These resulted in structural 
damage and casualties that in turn led to the 
introduction of wire mesh fences and stand- 
off barriers to keep vehicles at a distance. 

To overcome these barriers, terrorists 
moved to stand-off attacks using rifles, gre- 
nades and RPG7 rockets. This in turn forced 
security planners to introduce bullet resistant 
glazing and wall hardening to protect person- 
nel. Sangars (bulwarks) to guard the perimeter 
were added and walls made high to reduce the 
size of explosive devices that could be thrown 
over. Vehicular access was withdrawn from 
affected facilities, but this led to booby traps on 
cars being parked in adjacent offset car parks. 
Bombs became larger and blast walls were con- 
structed and larger stand-offs provided. 

The PIRA responded with the Mark 10 
Improvised mortars in 1981. Weighing 60kg, 
they contained 20kg of homemade explosives 
(HME) and were capable of demolishing a 
large building. Proxy bomb attacks were used 
in delivery vans. Next came spigot bombs, 
which were made from an oil drum filled 
with 300ke of HME. The Mk15 Mortars 
appeared in 1992. They weighed 118kg and 
contained 80kg of HME. 

Improvised terrorist weapons are diffi- 
cult to mathematically model and thus make 
designing protective measures that much 
more difficult. This can be said for both the 
physical and information security arenas. As 
in Northern Ireland where they applied a 
systematic approach, using a vulnerability 
analysis as the first step, they were able to 
eventually harden facilities to such an extent 
that no further loss of life has occurred in a 
hardened building since their introduction. 

Good security planning based on a sys- 
tematic risk analysis, rigorously practised, 
regularly reviewed and audited, can provide 
the solution to security vulnerabilities — 
even as serious as those faced by the security 
industry in Northern Ireland. @ 


Allen Fleckner is director of security and risk, 
Emergency Management Experts, Melbourne. 


18 | Information Age | Octoser/Novemeer 2004 


Local telco billing 
SO!UTION slashes costs 


A unique Australian 
technology is radically 
cutting ownership costs 

for telecommunications 
companies connecting 

to their partners, and 

the managing of these 
“interconnect” call revenues 


AS PUBLIC COMMUNICATIONS 
expand in size and type, divvying up the 


swelling flow of call charges is becoming 
increasingly complex, but canny international 
telcos using Australian interconnect billing 
technology are able to fossick for a rich lode 
among previously ignored call records. 
Sydney-based Integration Management’s 
(IM) in>Bill system has been adding to the 
revenues of customers in nine countries for 
the last five years, and is about to make its 
17 telco clients even better off with a new 
data management architecture which cuts 
interconnect billing system cost of owner- 


ship (TCO) to a third. 


Call data records (CDRs) are telcos’ 
unit of currency, and every call generates 
a number of CDRs depending on its type, 
duration, distance, the various carriers 
involved and a host of other factors. 

As these permutations to billing reso- 
lutions increase, so does the propensity 
for squabbling over who owes whom what 
among “partner” providers and carriers — let 
alone disgruntled subscribers disputing their 
apparently bloated account. 

Accurate record keeping and manage- 
ment is crucial, with large telcos having to 
wade through data in tens of terabytes. 

Essentially, interconnect billing software 
takes raw CDRs from the telco’s switches, 
analyses them by the type of call which cre- 
ated them (mobile interconnect, local land- 
line, VoIP, international satellite, and the 
carriers involved etc) and sends the teased 
out data to a secondary CPU which ascribes 
them a value and stores them. 

It is this information which is consolidated 
and so creates a disbursement report so all the 
players in the call chain get their share of the 
proceeds — interconnect settlement 

Typically all this runs on a large propri- 
etary server containing enough CPU grunt 
to process 100 million or more CDRs daily. 

It is in this area that IM has created a 
new architecture paradigm to radically 
reduce TCO. 

Its in>Bill HERE (Horizontally Extended 
Rating Engine) system, to be launched this 
month, takes the rating CPUs out of the 
server to run externally on a LAN. 

in>Bill’s primary software still runs on its 
Oracle 9 (or later) Unix or Linux platform on 
the server's central processor, but is now agnostic 
to the secondary rating engine processors which 
can run in any configuration driven by any ven- 
dor’s chipsets whether Intel- or RISC-based. 

Traditionally, cranking rating power to 
cope with increased data meant adding extra 
CPUs compatible with the server manufac- 
turer’s architecture, which for a Tier 2 telco 


Information Age | Octoer/Novemeer 2004 | 19 


File. 
Transfer 


“Ganiineation 
Rating 


Rerating 


Data 
Transfer 


Summaritstion 


~“Rnanclal. 
Transaction 
Generation. 


dealing with 200 million CDRs in a 20-hour 
day, could cost $900,000 or more. 

Worse, fluctuations in data levels, par- 
ticularly as international telco markets are 
deregulated and new technologies emerge, 
could leave processing power lying idle as 
flows ebb, or forcing expensive proprietary 
upgrades to cope with projected increases 
which may not eventuate. 

in>Bill HERE has been re-engineered 
to recognise any currently available off-the- 
shelf processor, bringing rating engine TCO 
nearer to $200,000. 

“Users now have total flexibility in adding 
CPU capacity in whatever increments, from any 
vendor, running at any speed,” says Integration 
Management CEO Gray Goodwin. “And the 
hardware you'll buy tomorrow will be cheaper 
and faster than anything available today.” 

“We’ve broken the shackles on propri- 
etary processing power for any telco dealing 
with say 20 million or more CDRs in a day 
and added automatic load balancing across a 
totally homogenous rating engine. 

Intel worked closely with IM’s develop- 
ment engineers to develop the open rating 
engine. 


Export market a priority 
Founded in 1992, IM started exporting 
in1994 and has added local and foreign VC 
funding since 2001. 

“The decision to seek markets offshore 


was a difficult one. We had two or three cus- 
tomers and in some ways so few is worse than 
none. But we persevered and when the Asian 
economic market collapsed in 1997 we had 
40 people working in Indonesia.” 

An early version of the technology, 
called GIRS, was developed in 1996 to run 
on Digital’s VMS, but with its demise, the 
first Unix version was launched in 1997 with 
Satelindo, AAPT and VoiceStream among its 
first users. 

IM now lists AAPT, Telecom New Zea- 
land and one of Malaysia’s biggest wireless 
operators (8 million subscribers) among its 
17 customers in nine countries including 
Indonesia, Malaysia, the Philippines, Taiwan, 
the USA and Nepal. 

(‘I’m the only CEO you're likely to meet 
with a legitimate reason to visit Kathmandu 
once a year,” Goodwin quips.) 

Customers can access the system through 
a Web interface with hyperlinks allowing 
drill-down to reports on verification, usage 
analysis, summaries, overall system, errors 
and invoice records 

in>Bill has found success through its 
ability to process interconnect, CABS (The 
American version of interconnect settlement, 
prescribed in detail for USA operators) and 
content settlements without external media- 
tion devices and other than being Unix or 
Linux-based is hardware and operating sys- 
tem independent. 


Mediation devices, usually proprietary 
boxes from vendors like CSG, Openet, Eric- 
sson and Alcatel, act as electronic drafting 
pens, categorising CDRs between switches 
and the billing system. 

Because in>Bill has these capabilities 
built in, it can take 100 per cent of the CDRs 
available from switches whereas competitive 
interconnect billing systems typically filter 
out transactions to process only about half 
available CDRs. 


Cracking fraud, tracking traffic 

It is in the processing of the dross that other 
systems discard that in>Bill has been able 
to achieve uniquely high levels of revenue 
assurance by assaying data for any billable 
or value elements. 

One Asian in>Bill user was able to crack 
a $US10m racket in which fraudsters used 
poor logistics management of the GSM SIMs 
to make illegal calls which would have gone 
unnoticed without total CDR analysis, while 
a US customer was able to isolate revenue 
traffic from transit traffic it did not know 
was on its network. 

“Because we can handle any sort of 
network, whether VPN, GPRS/WAP, 3G, 
Internet, broadband, mobile, number port- 
ability complexities and so on, and connect 
easily with legacy mediation or switch tech- 
nology, our opportunities are global,” Good- 
win says. 

“We’re set for that with offices in the 
US and reps in China, India, Hong Kong, 
Thailand and elsewhere, and we have fluency 
in 18 languages among our staff so we can 
deliver local-language systems. 

“In Australia, Telstra and Optus are not 
immediately available prospects so we must 
cast our net wider at least in the short term. 

“There are smaller local operators who 
can get by with Microsoft Access or the like 
in the meantime, but new players are coming 
in and as their call volumes grow, particularly 
as fixed telephony is supplanted by mobile 
and other technologies, they can quickly 
reach the ROI threshold (about 250,000 
CDRs a day) for a comprehensive system 
like ours. 

“Their need to maximise revenues by 
controlling margins and reducing leakage is 
crucial”. 

Further information at www.integration- 
man.com @p 


20 | Information Age | Octoger/NovemBer 2004 


Which people are first in line for the 
best jobs? More and more, Australian 
Computer Society members are the 
most sought after in the IT industry. 


Why? Because ACS membership is 
a sure sign you’ve already put in the 
hardyards. It recognises your knowledge 
and experience. It lets people know that 


For more Tfernton 


you’re an IT professional committed 
to everything the Society stands for. 
It means you’ve embraced the highest 
ethical standards and developed the 
highest levels of skill in applying the 
science of IT disciplines. 


Indeed, having your level of expertise 
recognised by the Australian Computer 


Call 1800 626 029 


or visit WWW.aCS.Org .au 


Society is a feather in your cap. 


The bottom line: to stand out in 
a crowded IT market, you should 
apply for ACS membership now. 
Call 1800 626 029, or go to 
WWW.aCS.Org.au 


If you have specific enquiries, email 
membersupport@acs.org.au 


AUSTRALIAN 
COMPUTER 
SOCIETY 


ICT Frofessionals Shaping. Our Fute 


| FRENCH WINDOW 


a 


+ 


By Bill French 


'The 


Transformation 


of Search, Pt 1 


| LOVE GOOGLE, but search (as we know it) is 
changing. Robin Good suggests (quite accu- 
rately) that Internet 3.0 is beginning to take 
shape. Assuming the Web as we know it, 
comprised mostly of HTML pages, is con- 
sidered “2.0”, the emerging phase is “3.0” 
and is all about applications and semantic 
interchange of information. Internet 3.0 is 
also a phase where machines interact with 
each other more, and where humans begin to 
take a passive role in surfing, and search. 

The Web we all know well is designed for 
human interaction; proactively engaging in 
surfing and the quest for information, prod- 
ucts, business and social connections, and 
services. But the future Web is so large and 
possesses so many opportunities to improve 
our lives that we will require machines to 
help us deal with the tsunami of messages 
and content important to us. 

More than three years ago (May 2001) 
Bear Sterns Equity Research (Chris Kwak 
& Robert Fagin) published a lengthy report 
that introduced “Internet 3.0”. There wasn’t 
a mention in that report about the emer- 
gence of Weblogs or the growing demand 
for content syndication services and technol- 
ogies. However, they did forecast the likely 
outcome of an information tsunami when 
decentralised and peer-to-peer publishing 
capabilities emerged. 

“The Edge becomes the Internet and 
devices do more with what have to date been 
dormant native resources. PCs become domi- 
nant, and all clients are thick. The domain 
name system is no longer the only addressing 


system utilised by networks. The browser is 
no longer the gateway to the Internet.” — 
Bear Sterns Equity Research 

Hmmm — the browser is no longer 
the gateway to the Internet. They probably 
weren’t thinking of RSS newsreaders, but 
they were right anyway. Lately I find myself 
using my newsreader and Microsoft Office 
to find stuff. I’m biased [of course] because 
I helped build the first (and only) RSS-to- 
Office search integration available — MyST 
SmartSpace. The emergence of lots of wire- 


base grows, exponentially adding to the pile. 
Now we're faced with finding a needle in an 
ever growing pile of needles. Try to find a blog 
or an RSS feed about a specific topic; it’s almost 
impossible. Something is bound to change and 
it’s likely that it will involve smaller (not larger) 
search indexes. 

RSS feeds, specifically collections of them 
in a particular domain of expertise, serve as 
highly effective pools of knowledge that are 
easily searched. In Google, I find myself con- 
tinually chasing my tail as I try to research 


With each new day the information base 
grows, exponentially adding to the pile 


less devices, plenty of hot-spots, and the use 
of loosely-coupled Web services to build 
smarter Internet applications represent the 
future gateway(s) to the Internet. These are 
great concepts and will yield all sorts of fan- 
tastic improvements in information services. 
However, there remain a fair number of per- 
plexing problems, like finding stuff. 

The many difficulties with finding relevant 
information will likely grow before we learn 
how to chip away at the issues because we seem 
to be able to create many new ways to capture 
information, but we have fewer ideas about 
organising or making better sense of informa- 
tion. Google now has more than four billion 
pages. As each day passes it adds [perhaps] mil- 
lions more. With each new day the information 


topics. With Microsoft Office Research 
Services, (based on tightly related sets of RSS 
information flows) I’m able to hunt for a red 
needle in a very small bag of multi-coloured 
needles; much better odds. Office Research 
Services that are targeted and focused on spe- 
cific knowledge sources seem to make sense 
and the support for this approach is reflected 
in companies like Amazon, IBM, Lexis-Nexis, 
and Thomson Media. Office Research Serv- 
ices are available in a number of subjects and 
growing every day. 

These types of information repositor- 
ies are now affecting our search behaviours 
because we have new [narrower] resources to 
search that are both more timely and more 
focused on specific domains of expertise and 


22 | Information Age | Ocroser/Novemser 2004 


FRENCH WINDOW 


interest. The notion of search is transforming 
to take advantage of discrete addressability of 
domain-specific content that (in the past) was 
typically persisted in large blobs of stuff that 
requires more human-energy to harvest value. 
Weblogs and RSS feeds have opened the door 
to the atomisation of content; the increasing 
tendency to shrink information objects. The 
smaller information objects become, the more 
discrete (or unique) they tend to be. In turn, 
the objects become easier to find because they 
are so unique and therefore, more easily dif- 
ferentiated. XML standards and aggregation 
tools have made it possible to reassemble the 
atoms in ways that are more meaningful, thus 
fundamentally changing search requirements 
and possibilities. We’ve now begun to take 
seriously, the semantic Web. 

There are other trends emerging as 
well. A9 (http://a9.com) is a good example 
of a “search application”. It is fundamentally 


NUVU® turns dull printouts 
into professional looking 


colour documents! 


These can be easily viewed (in WYSIWYG 


form), printed, e-mailed, faxed or 
exported by users. 


The affordable, integrated NUVU® 
suite turns dull forms into, clear, 
easy to read, professional looking 


documents! And there’s no need for Transform se 
ohana ©: this INTO passa GreenPess a oe | 
extra programming: NUVU® integrates THIS pont caro, We rr ee | 


seamlessly with existing software. 


based on Google, but it has some interesting 
ideas. Imagine search results that remember 
what you've looked at, and specifically call 
out items that are new. This is a slight take- 
away from RSS newsreader which do simi- 
lar things. But A9 tiptoes into marrying the 
concept of looking for information with the 
process of using what you’ve found; more 
of a business process approach to search. At 
MyST we've looked at search, discovery, and 
utilisation in similar light. Our competitive 
intelligence tools provide exactly this capa- 
bility making it possible for users to create 
observations (some would call these secure 
enterprise blog posts) about their discover- 
ies. A9 provides a similar concept called the 
diary. There are a number of useful features 
in A9, but the most important aspect is the 
trend - search is becoming more of an appli- 
cation that intersects with how people work. 
Search is getting smarter about how you 


N 


oreer 100244 


ce Date: 12/03/2002 


1 


FPPORTING YUITE. 


STERLAND SOFTWARE 202 The Entrance Road Erina NSW 2250 


[02] 4365 6543 nuvu@sterland.com.au www.sterlandsoftware.com 


= 


M223i2 Arochokes: 


work, what you look for, and ways that you 
might act on your discoveries. 

My business partner and I have long 
believed that the ultimate search technol- 
ogy is one you don’t explicitly use. Imag- 
ine turning the search paradigm on its head 
— instead of us finding stuff, why not stuff 
finding us? Pushing this idea to the extreme, 
our applications would understand what we 
are working on and automatically provide us 
with exactly the information that we need in 
every specific context. In that scenario, we 
would never need to search for stuff because 
the right stuff would find us. 

In The Transformation of Search: Part 
Two (December issue of Information Age) 
we'll cover Microsoft Office documents that 
are smart enough to attract relevant infor- 
mation, search clustering from ThinkTank23 
(the underlying technology at Vivisimo), and 
new search application ideas. @ 


ok 


TAX INVOICE: 


Freddys Grocery Ste 
13 Mdvern Sect 


FREE trial 
version 


NUVU*! 


ANT. LY J 


Information Age | Octoper/Novemaer 2004 | 23 


wattle/ss.JA/A 


OPINION 


The ECM 


Revolution 


By Graeme Philipson 


THE HOTTEST PART of the software industry today 
is ECM (Enterprise Content Management). 
In the early 90s it was ERP (Enterprise 
Resource Planning), and in the late 90s CRM 
(Customer Relationship Management). 

The term “ERP” is no longer fashion- 
able. None of the vendors use it any more 
— it seems so 20th century. But the product 
never went away, and most organisations now 
use some sort of integrated enterprise-wide 
applications software. 

The term “CRM” has also gone out of 
fashion, but for a different reason. It didn’t 
work, At least, it was very difficult to make 
it work, and stories of failed implementa- 


and content management companies, like 
Interwoven and Vignette, and portal vendors 
like Hummingbird and Plumtree. 

Established ERP vendors like SAP and 
Oracle are moving into the space. So are the 
business intelligence (BI) vendors, like Busi- 
ness Objects, Cognos and SAS. IBM, too, 
made its intentions clear with its acquisition 
last month of a small ECM company called 
Venetica. ECM is hot. 

But what is it? It is software designed to 
gather, store, manage and present all of an 
organisation’s digital content. That includes 
structured content, typically transactional 
data held in relational databases, but also 
unstructured content such as that found in 
e-mails, word processing documents, image 
libraries, Web pages and the like. 

Estimates vary, but there is a rough 
consensus that structured data comprises 


and 90s banks, governments and insurance 
companies digitised their paper documents. 

Then the Internet hit, and organisa- 
tions large and small built Web sites for 
promotional and other purposes. The word 
“content” came to be used for the great mass 
of information that found its way onto the 
Web. 

Now the separate disciplines of stor- 
age data management, data management 
and content management are coalescing 
into ECM. A good indication of the trend 
is leading storage company EMC (with a 
confusingly similar abbreviation), which 
acquired document management company 
Documentum last year. 

EMC is now promoting the concept of 
ILM (Integrated Lifecycle Management), 
a system where different types of data (or 
information — the terms are often used 


It is software designed to gather, store, manage and 
present all of an organisation’s digital content 


tions abound. When last heard of, CRM was 
becoming a subset of ERP and both the user 
and vendor community were trying to work 
out what went wrong. 

Now it’s ECM’s turn in the spotlight. 
ECM vendors have evolved from a number 
of different areas, which are now converging. 
They include the old document management 
and imaging players, like FileNet and Doc- 
umentum. They include Web development 


less than a quarter of all the information an 
organisation possesses. Over the 50-year his- 
tory of the commercial computer we have 
become very good at storing and manag- 
ing structured data. After Ted Codd’s 1969 
invention of the relational DBMS it became 
much easier to store transactional data, and 
the ERP revolution of the 90s cemented 
structured data at the core of most organisa- 
tions’ information systems. 

But while all this was happening great 
masses of unstructured data were also being 
digitised and stored on PC hard disks and 
departmental servers. Word processor, 
spreadsheet and e-mail documents have 
proliferated at a massive rate. In the 80s 


interchangeably) is parked in different types 
of storage, depending on its currency and its 
value. Archival data or backups are stored on 
tape — though increasingly disks are getting 
so cheap that is not necessary, transactional 
data on “off-line” disk, current data on “near- 
line” disk, and active data in memory. 
EMC, and most other storage vendors, 
have increasingly become software compa- 
nies in recent years. The disk drives them- 
selves are now commodity items, incredibly 
cheap and reliable, and the real trick to their 
efficient use is in the storage management 
software that controls them. EMC’s purchase 
of Documentum, and of a slew of other com- 
panies such as Legato and even Data General 


24 | Information Age | Octoger/NovemBer 2004 


| 


OPINION 


a few years ago, indicates where that vendor 
believes the storage industry is headed. 

The ECM vendors have a range of inter- 
esting techniques and technologies for han- 
dling unstructured data, and for integrating it 
with structured data. Analyst company Butler 
Group has coined the term “Content-Aware 


Applications” to describe the tendency towards | 
such integration. New standards such as Web | 


Services and XML and its many extensions are 
emerging to handle this integration. 

Last month W3C (the World Wide 
Web Consortium), headed by Web pioneer 
Sir Timothy Berners-Lee, announced SSML 
(Speech Synthesis Markup Language), an 
extension of XML that will bring high-qual- 
ity synthesised speech to Web applications. 
SSML will enable the Web to understand 
and propagate voice-based content, just as it 
can at the moment with text. It is an aspect 


of the emerging “Semantic Web”, proposed 


| by Sir Timothy in his seminal 1999 book, 
Weaving the Web. The Semantic Web will 
enable data contained in Web pages to be 
coded with an extra dimension of informa- 
tion that will enable computers to make 
sense of it. 

We are part of the way there, with XML 
and emerging Web services protocols, but 
the Semantic Web will contain much more 
meaning. It will enable intelligent software 
agents to perform many of the searches and 
conduct many of the transactions that can 
currently only be undertaken by humans. 
Extend that capability to voice, and the pos- 
sibilities are endless. 

Consider also that voice traffic over the 
telephone is now largely digital, and there- 
fore capable of being stored on disk. Most 
voice traffic now is lost in the ether once the 
words are uttered, but there are increasing 
demands that it be stored, for both security 


and commercial purposes. Storage is now so 
cheap that we have the technology, and the 
affordability, to do this. 

Already clever technologies exist to mine 
unstructured voice data, just as we currently 
mine structured transactional data for pat- 
terns of interest to marketers or govern- 
ments. This stuff is still in its infancy, but it 
will be big business in the years to come. 

We are at an interesting inflection point in 
IT. Up until now, we have focused on the “T” 
— the technology. The real battle in this mil- 
lennium will be over how we use the “I” — the 
information. The future belongs to unstruc- 
tured data. ECM is just the first step. @> 


Graeme Philipson is a long-time IT industry 
journalist and analyst. He is a former editor of 
Computerworld Australia, was founding editor of 

§ 
MIS magazine, and has been Gartner’s Research 
Director for Asia Pacific. graeme@philipson.info 
J °o 


Chief Security Officer 


CSO 


THE RESOURCE FOR SECURITY EXECUTIVES 


70” 


Go to CSOonline.com.au and 
REGISTER TODAY for career information, 
best practices and strategic insights. 


of senior IT managers are reviewing 
physical access to corporate premises 
and computers, along with monitoring and 
identifying IT security vulnerabilities. 


Source: Defcom Information Services 


Register today for the FREE 
weekly CSOonline security 


CSOonline is a ClO magazine publication. briefing e-mail 


cio.com.au 


Information Age | OctobeR/Novemper 2004 | 25 


—+———— 


IN ITS FIRST PREVIEW at the Microsoft Professional Developers’ Conference, 


Windows XP successor Longhorn was shown running a 20-year-old copy of Visicalc. Ancient 


DOS software won’t be the lone occupant of the Longhorn compatibility box. Win32, the 
Web, and even WinForms — the .Net era’s first GUI framework — are all legacy APIs from 
Longhorn’s perspective. Their replacements, Microsoft says, will jointly deliver “the best of 


Windows and the best of the Web”. 


The proof is still years away. But given 
the ambitious scope of the project, it’s not 
too soon to consider how Longhorn will 
affect the vast majority of enterprises deeply 
invested in both Windows and the Web. 
How will the transition to Longhorn affect 
these twin legacies? Which aspects of the 
new system will embrace open standards, and 
which will entail lock-in? Will the benefits of 
the proprietary features outweigh cost? The 
answers differ for Longhorn’s several subsys- 
tems; we’ll consider each in turn. 

One thing that’s not in question, how- 
ever, is Longhorn’s deep commitment to 
Net. The last time Microsoft said it was 
betting the company on managed code, the 
claim was heavy on marketing and short on 
substance. 

This time there’s no wiggle room. Long- 
horn is deeply tied to the .Net Framework. 
Although its three “pillars” — Avalon for 
presentation, WinFS (Windows File System) 


for storage, and Indigo for communication 
— will rely on a mix of managed and unman- 
aged services, those pillars will export only 
managed APIs for use by Longhorn applica- 
tions. That’s great news for the long-term 
health of Windows, the productivity of its 
developers, and the security of its users. 

To deliver these benefits, Microsoft is 
aiming a few years ahead of the hardware 
curve. Few of today’s PCs and none of today’s 
handhelds are likely targets for Longhorn. 

Although the project may someday unify 
Windows, in the near term it will surely com- 
pound the already problematic fragmentation 
of the platform. As if that weren’t headache 
enough, Microsoft’s vote of no confidence 
in the future of many basic Web standards 
puts the company on a collision course with 
competitors who continue to invest in those 
standards — and with customers who would 
like to see Web standards supported and 
advanced. 


It’s an aggressive and risky strategy. To 
appreciate the payoff, you can’t just consider 
Longhorn’s features individually, Microsoft 
says. The value of the system as a whole, the 
company insists, will exceed the value of the 
sum of its parts. Concept videos paint the 
big picture. In one of them, a real-estate 
broker uses Avalon’s 2-D and 3-D graphics 
to visualise map data, WinFS metadata and 
contacts to assemble and share a package of 
information, and Indigo’s XML messaging 
to tap into Web services and to collaborate 
peer-to-peer with investors and lenders. 

In the Longhorn-only world of the 
demos, rich-client applications flow to PCs 
on demand using the ClickOnce feature that 
will debut in the forthcoming .Net Frame- 
work 2.0, aka Whidbey. 

The real world, of course, will never be 
Longhorn-only. By the end of the decade, 
Longhorn will be one of several viable Win- 
dows and non-Windows options. No matter 
which desktop OS predominates, there will 
likely be diversity within your enterprise and 
certainly among your business partners and 
customers. And the desktop is just part of an 
increasingly diverse IT landscape. In some 
ways Longhorn embraces that diversity, in 
other ways decidedly not. Although its pil- 
lars are complementary, each bears its own 


26 | Information Age | Octoser/NovemBer 2004 


Although years away, the successor 
to Windows XP is setting off 
alarms in the enterprise 


By Jon Udell 


unique relationship to current technologies 
and standards. By teasing out those relation- 
ships, we can see where the proprietary lines 
are being drawn and can begin to assess the 
kinds of trade-offs Longhorn will entail. 


The Indigo wire 

If you believe that Web services will be the 
lingua franca of network communications in 
the coming decades — as TCP/IP was in past 
decades — then you will regard Indigo as the 
least controversial of Longhorn’s pillars. It 
is both solidly standards-based and aggres- 
sively innovative. Not all the standards that 
Indigo embraces are fully baked: security, 
identity federation, reliable messaging, and 
transactions are among those still evolving. 
Even the SOAP transport at Indigo’s core 
has yet to achieve ubiquity, and some won- 
der if it ever will. From a 50,000-foot view, 
however, there’s broad consensus that some 
flavour of XML messaging will be the glue 
that connects services, applications, people, 
and devices. 

Extending a tradition that dates back 
to Microsoft's earliest COM-based middle- 
ware, Indigo will offer developers hands-off 
control of the messaging system, enabling 
them to invoke asynchrony, transactions, or 
encryption using terse metadata annotations 


rather than many lines of code. The tools 
and frameworks that support this declara- 
tive style will be proprietary and, Microsoft 
hopes, compelling. But Indigo’s charter is to 
ensure that the resulting applications and 
services can interoperate cleanly with any 
standards-based services fabric. 

Two additional factors make Indigo 
especially noteworthy. First, it’s the only 
Longhorn pillar that will ship for down- 
level clients, maybe even ahead of the 
Longhorn OS itself. Second, Indigo rep- 
lumbs the networking substrate to make 
XML messaging efficient for local or 
peer-to-peer use. So, in theory, developers 
will be able to apply a single set of skills to 
Longhorn-only, Windows-only, and open 
environments. The devil is always in the 
details, but Indigo appears to offer maximal 
leverage with minimal lock-in. 


WinFS storage 

Longhorn’s storage system, WinFS, will 
attempt a feat never successfully performed 
on the mainstream desktop. It will interpose 
a relational database between NTFS and cli- 
ents, as in both users and applications. And 
it will use that database not only to optimise 
searching but also to enable more flexible 
ways of organising information. From a 


aosnal 


user’s perspective, the distinction between 
search and navigation will blur. Conven- 
tional queries based on well-known proper- 
ties — document name, author, date — will 
be accelerated. New kinds of queries will be 
enabled by relationships among properties. 
Because properties are owned by the system, 
applications will pool their use of them. And 
because WinFS does not model a tree but 
rather a directed acyclic graph, two or more 
folders will be able to hold the same instance 
of an item. 

Working in concert, these capabilities 
mean that if appropriate metadata exists — a 
huge “if”, of course — you'll be able to make 
requests such as: “Show me recent messages 
and documents related to project X.” You'll 
be able to save that query as a self-updat- 
ing folder. And you'll be able to take an item 
from that folder — not a shortcut or sym- 
bolic link but the item itself, as represented 
by its WinFS ID — and put it onto your 
to-do list without removing it from other 
places. 

If .Net’s theme is managed code, the 
theme of WinFS is managed metadata. 
And indeed, the two are joined at the hip. 
WinFS items are instances of .Net Frame- 
work classes. Applications declare them using 
a proprietary schema language and search 


Information Age | OctoBer/Novemser 2004 | 27 


| 


Update: Microsoft scales back plans for Longhorn 


By John Fontana 
Network World Fusion 


At the end of August, Microsoft made a dramatic retreat from 
its lofty goals for Longhorn, saying its highly touted storage 
subsystem would not ship with the client operating system. 

Instead, Microsoft said WinFS storage and search technol- 
ogy would be in beta when the Longhorn client operating sys- 
tem ships in 2006. This is the first time Microsoft has confirmed 
a ship date for the client operating system. The server version 
remains slated for 2007. 

In addition, Microsoft said WinFX would be back-ported to 
Windows XP and Windows Server 2003 and made available 
when Longhorn ships. WinFX replaces the Win32 program- 
ming model and includes two foundation technologies slated for 
Longhorn — a presentation subsystem called Avalon and Web- 
service middleware called Indigo. In essence, this announce- 
ment dilutes the importance of those two technologies to the 
Longhorn platform. 

“| question what is left of Longhorn. | just don’t know until we 
have more details,” said Peter Pawlak, an analyst with Directions 
on Microsoft, an independent research firm. “What will be the 
difference (in Longhorn) from a Windows XP box with WinFX?” 
says Pawlak. 

The move to expand the platforms that support Avalon and 
Indigo means developers will have a lot of the newfangled Long- 
horn infrastructure to write applications against without having 
to worry about users adopting Longhorn to take advantage of 
the applications. 

The changes make Longhorn more of an evolution from Win- 
dows XP rather than the revolution in desktop computing that 
Microsoft has been touting, Microsoft officials admitted. 

“The path to get to our very ambitious vision for Windows 
is different and is more evolutionary in appearance rather than 
one big leap as we have described in the past (with Longhorn), 
says Greg Sullivan, lead product manager for the Windows cli- 
ent group at Microsoft. 

But Sullivan did say Longhorn would be distinct from Win- 
dows XP and Windows Server 2008. “There will be differentia- 
tion features available in Longhorn, from the fundamentals of the 
core OS kernel, to performance, reliability and security and a 
host of management tools and an error-reporting infrastructure 
— all the things that IT is interested in” He said Longhorn would 


ship in the second half of 2006 and would be “broadly available” 
by the end of that year. 

He added that “Longhorn will bring tremendous strides to 
achieving the Windows platform vision, and subsequent to that 
we will get out WinFS and we will get to the vision that we 
outlined at the PDC’ 

At its Professional Developers Conference in November, 
where Microsoft distributed a pre-alpha version of Longhorn, 
Microsoft's chief software architect Bill Gates said Longhorn 
would provide opportunities for developers that would be 
stronger over the next decade than at any time in history. 

Now that seems only like tough talk as Longhorn’s key con- 
structs will clearly develop on a more gradual schedule. 

That makes sense, according to some experts. Microsoft 
has always relied on its development community to generate 
excitement around a new technology, which is how it began to 
roll out .Net. 

“If they tie (Avalon and Indigo) to Longhorn it would take 
years for them to get developers on it,’ says Pawlak of Direc- 
tions of Microsoft. “By expanding WinFX, they get the same 
thing they've had with .Net — they kick-start development. That’s 
pretty interesting. | never got WinFX in isolation (on the Long- 
horn platform).’ 

Microsoft's Sullivan admitted that developers had hounded 
Microsoft to make Avalon and Indigo available to more platforms, 
something that will not happen with WinFS. 

“We do not plan to make WinFS available on down-level 
platforms,’ he confirmed. 

The delay of WinFS is what really takes the shine off Long- 
horn. Gates said at the PDC in November that WinFS was the 
realisation of a 10-year dream for him around search technology 
and termed it his “Holy Grail”. 

WinFS, the storage subsystem planned for Longhorn, is 
designed to break data away from individual applications and 
interfaces so it can be stored and shared universally at the plat- 
form level. It also would allow data searches that stretch across 
the desktop PC, the network and Web services. 

Having WinFS in the Longhorn client really didn’t make 
sense if there was no server-side support to back it up, experts 
said. 

Microsoft's Sullivan said Longhorn would include local desk- 
top searching as a hint of the power in the relational database 
capabilities of WinFS. 

The first beta of Longhorn is expected in ship next year. 


them using a proprietary query language. 
Could XML-oriented schema and query 
languages solve the same problems in a more 
open way, leveraging the trend — strongly 
evident in Microsoft’s own Office products 
— toward open document formats? Quen- 
tin Clark, director of program management 
for WinFS at Microsoft, argues why not. 
The relational core of WinFS is an opera- 
tional necessity, he says, but he points out 


that WinFS and Yukon do share common 
SQL/XML code. 

Here’s the upshot. If you’re invest- 
ing today in XML document formats, you 
should expect WinFS to do a good job run- 
ning XPath or XQuery searches over them. 
Of course you'd also like the system to trans- 
late between XML data and WinFS meta- 
data. That way, an XML document produced 
by a non-WinFS-aware — and perhaps 


non-Windows — application could par- 
ticipate in WinFS relationships and behave 
nicely in the Longhorn shell. Clark says 
some translation will occur, but he does not 
yet know how automatic it will be. 


The Avalon view 

Avalon reboots Windows graphics to unify 
three modes — documents, user interfaces, 
and media — within a single display stack. 


28 | Information Age | OctobeR/Novemser 2004 


MS manager gets to heart of Longhorn pillar 


By Jon Udell 


Quentin Clark is director of program management for WinFS 
(Windows File System). We asked him to comment on a 
range of WinFS issues and especially on the relationship 
between WinFS and XML. 


1A: WinFS has one notion of types and queries, and XML 
has another. How do we reconcile these worlds? 


QC: Consider a Word document in WinFS. It has a WinFS type, 
Document, with properties like Author and Title. But that WinFS 
type will also include an XML data type. 


1A: So I'll be able to use XPath or maybe XQuery to query 
that XML data type? 


QC: Yes, we're leveraging Yukon’s XPath/XQuery capability. 
That gives you a lot of power. You can walk up to WinFS and 
issue XPath queries into items that have XML data types, and 
then we can go and reason over those things. One thing we're 
struggling with now - it’s an open design issue — is what our 
ability will be to give people the opportunity to do metadata 
handling on XML that’s just sitting in a file stream. 


1A: Is the relational engine the only way to maintain control 
over the managed metadata? 


QC: It’s just a fact that there are more things we can do 
with a normal scalar property — a thing that has a column of 


its own inside the SQL engine — than we can with do some 
piece of XML deep inside a data type. Can | find things 
inside XML data types? You bet. Can | build rules around 
that? Yes. But if the user right-clicks in the shell because 
they want to add a column that displays the proposal ID, 
how easy will that be if the thing is buried inside an XML 
data type? 


1A: Given an XML schema, it seems that automated map- 
ping should be possible. 


QC: My dream here is to allow developer tools to build exten- 
sions to WinFS types, point them at XSDs [XML Schema 
Descriptions] they've created in Office, and wire things up 
automatically. That’s where | want to land. What we get done 
by Beta 1 or RTM [release to manufacturing] is open to debate. 
But the basic support for metadata handlers looking into file 
streams and putting things up into the query space — all that is 
very much baked and committed. 


IA: What's the relationship between WinFS and Yukon? 


QC: Nobody has built an XML store that has the level of scale, 
performance, or capabilities of today’s relational stores. It’s true, 
as you say, that database vendors are now supporting XML. A 
really good and deep integration of XML into a relational data- 
base gives you the best of both worlds. So the data engine at 
the heart of both Yukon and WinFS — the thing that’s breaking 
apart queries, doing optimisations, storing B-trees — is common, 
though not the same version. 


According to Darryn Dieken, group pro- 
gram manager of Avalon at Microsoft, the 
massive effort has already produced nearly 
20,000 APIs. It’s a top-to-bottom overhaul 
involving drivers, the services formerly pro- 
vided by Win32’s User and GDI (graphics 
device interface) modules and the XAML 
(Extensible Application Markup Language) 
programming toolkit. The goal, Dieken 
says, is to equip PCs in the coming decade 
for efficient, seamlessly integrated display 
of “presentation experiences” that combine 
video, animation, 2-D and 3-D graphics, rich 
document display and editing, and compel- 
ling software interfaces. 


Along the way, quite a lot of baggage 
had to be jettisoned. Avalon will run only 
on high-end PCs. A stripped-down version 
might be capable of running Windows CE, 
Dieken says, but “the spirit around Avalon is 
to exploit the PC as much as possible”. 

Similarly, Avalon plays on the Web only 
in the sense that ClickOnce deployment can 
send partially trusted applications to clients 
running the full Avalon stack. It makes no 
use of Web standards such as XHTML, 
CSS, or SVG (Scalable Vector Graphics) 
and indeed invents its own counterparts 
to these. Some observers initially hoped 
that XAML would support an alternate 


rendering for the Web. Clearly, enterprise 
developers seeking maximal reach for mini- 
mal effort would have loved that solution. 
According to Dieken, the Avalon team 
gave it a try, spending months working on 
an ASP.Net-like approach before conclud- 
ing that no single model could adequately 
express both paradigms. 

If you decide there’s competitive advan- 
tage in giving rich Avalon experiences to your 
intranet or Internet users, Microsoft will dra- 
matically simplify the task. But you'll have to 
do everything again — and very differently 
if you also want to reach the Web. Although 
ASP.Net 2.0 can surely help, Microsoft is 


If you decide there’s competitive advantage in giving 
rich Avalon experiences to your intranet or Internet 
users, Microsoft will dramatically simplify the task 


Information Age | Octoper/Novemeer 2004 | 29 


Longhorn through the open-source lens 


By Jon Udell 


We asked two open source leaders 


— Brendan Eich, chief architect of. 


Mozilla, and Miguel de Icaza, CTO of 
Novell’s Ximian services business unit 
— for their perspectives on Longhorn’s 
Avalon presentation subsystem. 


1A: What’s your take on Avalon? 


BE: Microsoft's doing things that are 
valid according to their business inter- 
ests and also, in general engineering 
terms, with an eye toward the [profes- 
sional developers]. They have to keep 
them happy, give them the tools they 
want, keep them hooked on the next ver- 
sion of the OS. 


1A: Of course, a lot of those folks tell 
us that the browser and the Web are 
their bread and butter. 


BE: That’s my fond hope, too. I’m sure 
there will always be certified Windows 
developers. But | do wonder if they'll have 
trouble convincing people to migrate and 
pay large costs to reinvest in redoing 
things — especially if they're not support- 
ing the Web well and if people find the 
Web to be lower cost yet still adequate 
for presentation. 


Vidi: Avalon is a very extensive API, but 
while there is a lot of abstraction, there 
is not enough encapsulation. It’s a high- 
level standard toolkit. The problem we 
have today with Unix toolkits, Mac OS 
toolkits, and Windows toolkits is that we 
are still using the same controls. Devel- 
opers and designers are building appli- 
cations in terms of the following items: 
scroll bars, enter lines, buttons, text 
entries, radio buttons, pop-up menus, 
combo boxes. Avalon is not presenting 


us with new controls or innovative ways 
of dealing with large volumes of data. 
And yet this massive API says you have 
to be completely bound to a particular 
version of the .Net Framework. This is 
not the approach the Web has taken, 
which is that a table or button can be 
rendered in different ways appropriate 
to the platform. 


BE: That’s right. If you look at XAML’s 
style language, they really muddle the 
presentation/structure separation. 


Widi: Avalon is the next ActiveX. One 
thing that is a problem when trying to do 
Linux desktop rollouts is that companies 
often have a few proprietary ActiveX 
components. Avalon will be a lot easier 
to write than the previous Activex; it’s 
a lot prettier, so when organisations are 
using Longhorn-based machines, which | 
assume will be sold everywhere by 2008, 
it's going to be increasingly hard for the 
rest of us to get there unless we have an 
implementation of an equivalent technol- 
ogy. So, eventually somebody will imple- 
ment that, whether as part of the Mono 
project or a separate project. 


1A: It’s been argued that because there 
are 15 ways people have approached 
XUL [Extensible User Interface Lan- 
guagel, Flex, XAML, whatever — and 
you can’t reconcile them — maybe it’s 
time for a de facto standard imple- 
mentation. 


BE: XAML is not that thing, though, 
because, as Miguel says, they’ve bound 
it too tightly to their class structure. And 
that surprises me because they should 
have institutional memory of all the ver- 
sions of OLE and all the hell they had to 
go through in terms of compatibility glue. 
Do they want to do that again? 


doing nothing to improve Internet Explor- 
er’s support for DOM, CSS, SVG, or other 
standard ways to enrich the browser. 

And despite the fact that open source 
critics assert that XAML need not have been 
bound inextricably to the proprietary Avalon 
stack, Microsoft sees no possibility of — and 
no real motivation for — a standard rich-cli- 


ent technology. “You can make an argument 
that the customer will benefit from the com- 
petition,” Dieken says, adding that “it will be 
hard for some developers who have to make 
a choice”. 

For developers of commercial Windows 
software, that choice boils down to timing. 
Today, for example, more developers would 


like to use .Net, but they refrain because 
there is no end-user version of Windows 
that includes .Net as standard equipment. 
For enterprise developers, however, there’s 
more to worry about than the centre of grav- 
ity of the Windows installed base. Microsoft 
is careful to point out that Avalon is not a 
reach technology. But enterprises need reach 
and can ill afford to invest in a rich-client 
technology that forecloses that option. 


The whole and the parts 

Longhorn would make perfect sense in an 
alternate universe where the Web never 
happened, where phones stayed dumb, and 
where Windows applications owned the edge 
of the network. But in this universe nothing 
owns the edge. We have browsers, we have 
computerised phones, and we have a grow- 
ing number of portable, rich-client tech- 
nologies. Although Microsoft would like us 
to regard Longhorn as a unified whole that’s 
greater than the sum of its parts, its pillars 
will intersect with enterprise IT in quite dif- 
ferent ways. 

Indigo, by virtue of its developer-friendly 
simplification of Web services protocols, 
could propel Microsoft into the forefront 
of enterprise middleware. Although Long- 
horn’s use of Indigo will focus on networks of 
Windows peers, the technology isn’t bound 
to Longhorn. Expect to see Indigo-pow- 
ered “enterprise service bus” offerings from 
Microsoft and partners. 

If WinFS succeeds in delivering improve- 
ments in users’ ability to organise and man- 
age local information, enterprises looking to 
drive productivity up — and support costs 
down — will want it. The wild card will be 
the level of support for legacy document for- 
mats and emerging XML formats. Benefits 
that accrue only to new WinFS-aware appli- 
cations won't tip the scale. 

Avalon’s TV-like “presentation experi- 
ences” clearly favour the home entertain- 
ment centre over the business desktop. An 
accelerated convergence of voice, video, and 
data could alter that equation, and Avalon 
is designed to help drive that convergence. 
But enterprises concerned about reach and 
lock-in will need to carefully evaluate the 
trade-ofts. 

How will things play out? Check in five 
years and let us know if our crystal ball was 


cloudy or clear. 


30 | Information Age | Octoser/Novemser 2004 


Guiding our 


Australian Customs’ 
massive re-engineering 
project calls for high- 
level business nous 


MURRAY HARRISON is a professional 
public servant, a 30-year veteran of manage- 
ment roles in the Department of Veterans’ 
Affairs (DVA) and the Department of Social 
Security (DSS), charged with developing and 
managing welfare programs. 

Like others in government including 
DIMIA CIO Cheryl Hannah (last issue of 
Information Age), his appointment in 2002 to 
an ICT executive role as CIO of the Austral- 
ian Customs Service is founded on successful 
management roles in the Senior Executive 
Service, rather than the traditional trek 
through information technology. 

Joining DVA in 1971, he has climbed 
a management ladder built of success- 
ful projects in benefits, compensation and 
income support, moving into a CIO role in 


1997 when the department moved to increase 


the business focus of its ICT operations. 


Information Age | October/Novemser 2004 | 31 


| 


“It was a brave decision to change 
horses in midstream, and the project 
was restarted pretty well from scratch 
in late 2001 with little carried over from 


the EDS effort” 


He describes it as “a time of quantum 
change in IT” and a fortuitous point of entry 
into taking on a CIO role to harness rapidly 
changing technological dynamics to meet 
DVAs business imperatives. 

His move to Customs two years ago to 
take up the newly created CIO role included 
taking control of the technical components 
of the department’s massive, but troubled, 
Cargo Management Re-engineering Pro- 
gram (CRM) which would test his manage- 
ment acumen. 

The program began in 1996 with a 
review of Customs’ IT infrastructure and its 
ability to handle expanding processing vol- 
umes, coincident with the appointment of 
outsourcer EDS to a wide-ranging contract 
to support the department’s IT operations 
and systems. 

Customs notionally estimated the cost 
of new software development and an overall 
architecture to streamline the management 
of imports, exports and revenue collection at 
about $30m, with the project to be under- 
taken by EDS. 

“This figure was just a line drawn in the 
sand against which Customs could bench- 
mark outsourcing bids, not a hard figure 
as the project had not gone to spec stage, 
CCF was not included and the more com- 
plex import management component had not 
been studied to any great degree,” Harrison 
says. 

It became apparent to both organisations 
that bundling the task with day-to-day sup- 
port services “was not the correct thing to 
do”, and at the end of the 90s EDS relin- 
quished the development task, particularly its 
software component, by mutual agreement 
and concentrated on its core responsibili- 
ties. 

EDS’ contract has recently been 
extended to 2007. 


Customs went to tender for CMR in 
2001, with a successful Computer Associates 
consortium of Kaz, IOCORE and others 
bidding $29.7m for the core cargo report- 
ing and management business. 

An IBM-led group would develop 
Customs Connect Facility, a gateway for 
Web-enabled access to Customs’ re-engi- 
neered IT infrastructure, and beyond into 
government agencies interested in who 
was sending what in and out of Australia: 
Australian Quarantine, Bureau of Statis- 
tics, Foreign Affairs and Trade — about 
a dozen in all. 

“Tt was a brave decision to change horses 
in midstream, and the project was restarted 
pretty well from scratch in late 2001 with 
little carried over from the EDS effort.” 

After the decision was made, Harrison 
was appointed CIO of Customs in 2002 with 
its 4800 staff across Australia and in offshore 
posts — and to manage the development and 
implementation of CMR. 

“For all intents and purposes, develop- 
ing CMR effectively started two years ago, 
and while there have been some delays in the 
import end of the development, the project is 
on time and will start in October. 

“There are commentators that insist that 
we started in 1997 and are fond of talking 
about a ‘seven-year project’ but that’s simply 
not the case. This has been an extraordinarily 
intensive exercise to create a system which is 
unique in the world.” 

He also bridles on the question of costs: 
“We never said what the project would cost 
at the outset because we didn’t know until it 
was fully defined and specified. 

“When the CA group started into the 
project it rapidly became apparent that the 
job was about three times bigger than had 
previously been discussed in the 90s; the 
notional $30m was meaningless and the 


software development, when fully scoped, 
cost around $50m. 

“The CCF gateway infrastructure came 
in at $50m and Customs’ costs over five 
years to get the project fully embedded will 
be about $100m — all inclusive of GST. So 
yes, it cost a significant amount, but no more 
than expected for a project of this size and 
complexity. 

“And given that the system will collect 
about $7.5 billion a year in Customs duties, 
it’s not a bad investment 

“Transition costs are significant, but then 
so is the job of dealing with the thousands of 
private sector stakeholders and organisations, 
and about 30 key agencies.” 

He also points out that efforts in the US 
to create a similar management system called 
Customs ACE has already gone through 
$US1.2bn and is expected to go to $2.2bn 
by the time it’s finished. 

“This is the most important government/ 
industry project in Australia. What we are 
doing is providing a Web-based interchange 
between the government and industry for 
import and export of goods that will enable 
anyone to access our systems directly to meet 
their obligations to tell us about their cargo 
movements, via the Internet. 

“If you want to export/import some- 
thing now you have to go to broker who has 
a back-end system that does the Customs 
work and you pay for it. You can still do all 
that, but under the new system you can reg- 
ister with us, tell us what you have to, we’ll 
give you access to our applications, you fill 
out the forms, and we'll tell you if you owe 
us any money. 

“We have a sophisticated risk assessment 
function which will tell us whether we should 
look at the goods when they come in. It’s a 
simple initial process, but there’s an awful lot 
happening at the back end.” 


32 | Information Age | Octoser/Novemser 2004 


Customs’ CMR: 


what it is and what it does 


Australia’s most ambitious e-government project 


sets world benchmark for cargo management 


AN EXAMINATION of the Austral- 
ian Customs Service (ACS) systems in 1996 
has led to what its CIO, Murray Harrison, 
describes as the biggest e-government project 
in Australia. 

Its Cargo Management Re-engineering 
Program (CMR) program, with its Inte- 
grated Cargo System (ICS) at its core, went 
live on October 6 after two years’ intensive 
development. 

It has been far from plain sailing for Cus- 
toms with some radical changes of direction 
during the first years of its definition and 
planning, and some criticism from various 
industry and media commentators as time- 
lines lengthened and arguments over its real 
costs drew the ire of politicians (see box). 

Essentially, the re-engineering project 
was needed to create a secure Web-based 
“single face of government” for players in 
the import/export supply chain to cope with 
annual trade processing volumes of 3 million 
import entries, 1.2 million export clearances, 
4 million container and 100,000 flight move- 
ments, and the collection of nearly $7.5 bil- 
lion in Customs duties. 

It is a world first in this field; its nearest 
equivalent, the American ACE system is so 
far estimated to cost more than $US2bn and 
is still far from complete. 

Half a dozen ageing, partially inte- 
grated legacy systems reaching end of life 
would be replaced by a single, custom-built 
IT platform with ICS as its central access 
and processing hub to allow for the direct 
reporting and management of cargo move- 
ments with direct interface with 12 other 
government agencies like Quarantine and 
Statistics. 

Legislation passed in 2001 created a legal 
framework for electronic cargo management 
secured by Public Key Infrastructure (PK) 
using the GateKeeper accredited certification 


authority to deliver registration or certification 
services to meet Commonwealth standards. 

Sophisticated risk assessment procedures 
to protect Australia’s borders got high prior- 
ity in system design. 

Individuals and businesses wanting to 
access the system need a digital certificate 
from a Customs-approved GateKeeper com- 
pliant certification authority, and must meet 
Customs requirements in their own systems 
to access the export side of ICS. 

The more complex import side of ICS is 
scheduled to come on stream by the middle 
of next year. 

Organisations wanting to access ICS 
using electronic data interchange (EDI) to 
batch communications can also do so. Its 
implementation under the new regime is 
detailed at customs.gov.au along with hun- 
dreds of pages of information on CMR’s 
individual systems, customer registration, 
e-learning, external software development 
suppliers and rules, and general overviews. 

A number of service providers were 
retained to develop and implement systems: 
Computer Associates’ consortium with Kaz, 
IOCORE and NCR for applications, IBM 
for professional services (and some hardware 
and software under its arrangement with 
Customs outsource partner EDS), BeTrusted 


it abe i 
Employee 
User Name 
3 < Secure 
anes Gateway 


Sottware Developers Industry 
Proprietary & In-house (High Volume 
Usage) 


User Name 


Password, > 


[aewser 1] | Environment [va 


Digital 
Centificate 


Digital 
Certificate 


(now Cybertrust )for PKI software and serv- 
ices for the Customs Connect Facility (CCF) 
“gateway”, Novell for identity management 
and directory services software, and VeriSign 
for GateKeeper. 

Long-established outsource partner 


EDS has recently had its contract for infra- 
structure support for mainframe, mid-range 


platforms and hosting applications, and for 
application production support and helpdesk 
services extended to June 30, 2007 bringing 
its total contract to $542m. 

Once the import side of ICS is also in 


place, CMR will handle more than 30 mil- 


lion inbound messages annually and 93 mil- 
lion outbound. 


Integrated Cargo System (ICS) 


The cornerstone of CMR, ICS is an inte- 


grated system giving enhanced risk assess- 
ment at the border and allowing more 
efficient cargo tracking. Its software suite 
has 23,000 function points. 

It operates on an IBM OS390 mainframe 
running ZOS with transactions in a CICS 
environment with DB2 database manage- 
ment. MQ-series provides the mainframe 
interfaces with the CCF gateway and other 
business applications. 

Customs’ Web-based user interface, 


Secure Communication 
Gateway 


Integrated 
Cargo 
System 


Future Customs 
t————"|_ Business Application 
A 


Future Customs 
Business Application 
B 


Information Age | Octoper/Novemeer 2004 | 33 


Freight 
Forwarder 


Terminal 
Operator 


Customs 
Broker 


Bureau 
arate 


Client 


Walk - in 


Business Application 
System 


Customs Public 


Goods Deliver 
Users y Components 
wn Channels 
~S aap 
a M 
Passenger Sy 3 
e 
1 Ss 
; Ss 
f Danes: Brokerage Bureau 5 
i System & 
B ie id sh g 
Cltent —_ e 
“SS Importer; 
Exporter ] 
oy 
fs FE: a 
i io Brokerage System 


Internal 
Users 


Permit 
Issuing 
Authorities 


Other 
Government 
Agencies 


a | AUSTRALIAN 
f | CUSTOMS SERVICE 


Customs 
Officers 


Customs ICS Project 
Architecture Overview 
Business 


Version 1.0 


Customs Interactive (CI) has a WebSphere 
Java application server front end. CI system 
software is hosted on infrastructure managed 
as part of the CCF gateway. 

Transaction application code to support 
the cargo management business rules for 
both EDI and CI channels was developed in 
the AdvantageGen/CoolGen environment. 

ICS’s transaction and event processing 
architectures create and manage events to 
prioritise and balance message loads across 
the system to maintain throughput, with auto- 
matic exception and recovery management. 

Design detail in the 19,000 pages of anal- 
ysis for ICS includes 800 screens, 16,000 busi- 
ness rules, 70 complex business messages, 850 
database tables, 3700 executable load modules, 


1800 CICS transaction types, 55 batch jobs, 
90 reports and 35 system interfaces. 


Customs Connect Facility (CCF) 
CCF is the gateway to Customs’ business 
applications. Importers, exports and brokers 
can transact via an interactive mode (Cus- 
toms Interactive) using industry standard 
Web services or with batch mode EDI. 

A data transformation facility translates 
Customs and industry-agreed standards for 
data exchanges (eg UN/EDIFACT) to Cus- 
toms’ application requirements, significantly 
reducing customers’ previous need to use a 
plethora of data formats. 

It also allows Customs staff to track mes- 
sages through the CCF. 


Communication channel management 
and CI runs on Sun Solaris Unix platforms 
and Cisco routers, with validation and trans- 
formation processed on IBM P- and SP-series 
Unix platforms and Wintel servers running 
IBM AIX, Win2K, DB2 , WebSphere, Tivoli 
WebSeal and Baltimore’s FormSecure. 

Overall, the CMR architecture was 
designed to be multi-tiered, highly available, 
scalable and to have shared security compo- 
nents with common code bases (for services 
such as authentication and authorisation). 

The CCF solution has its origins in 
the IBM e-business infrastructure refer- 
ence architecture with J2EE, WS-Security 
(SAML), XML, UN/EDIFACT D99B and 
LDAP. &> 


Sophisticated risk assessment procedures 
to protect Australia’s borders got high 
priority in system design 


34 | Information Age | Octoser/Novemser 2004 


A BUCK A WEEK TO KNOW IT 


COMPUTERWORLD JUST $1 AN ISSUE FOR ACS MEMBERS 


Name 
ACS members now receive Position 


a complimentary copy of Company 
Computerworld with Information Address 
Age. If you’d like to read the 

latest issue of Computerworld Sitges =e Posiegde ak Fiona 9) Jo ae ee | 
every week, we’ve put together E-mail: | 
a special offer of just $46 fora Gi Cheque/money order (payable to IDG Communications) attached or 

year’s subscription. That’s 46 envi Eatheatd ste asta Gare Seivisa ELD mee Bl Dine snp 

issues of IT news, technology, a ue Besar 

trends and analysis. aa 


Signature 


(J | do not wish to receive future promotional material {J | require a tax invoice 


To take advantage of this offer fax this page to 02 9439 9697 or call 1800 248 811 


al/SINESSINTELLIGENY® 
Mixed-br : 
starts to bie 


onsidet 


yey with Mi 


ndliy 
sthe bo" 
Re the 


cin Micro 
software rhe 


alway 


nce 


yy conver ee 
ntelligenee 


“pat functions 
that fue a 


aide apps 
copleSatt oF sicbel 


rsely, 


ayegration P 
ity 


ner ith © 
reful to pat quire 30" 
are ja custorers OE 
sid cus! 


australia 


whofe 
cof Health OPE 


mi 
nd vendo 


YF manager 
mans 


{ATED 
(ain iT 


exary int 
= 3 de 


8 ON ainsi 


can rai levice, therefore oe 
tive zm alarm on abnormal behaviour, uly; “ 
§ Gibbs, managing directoy : thoy 8 an Sou ry | 
: * Concord i he Pag Stray, PM 
ers men, ey 
stand the behaviour of th en ade 0 4 


arm when itis outside that 
basis of what the market 


of a numbe av 
fs nber of organi- atte of a 
lng Olly ts 
ingen Mey Mitiy 
for sprang, Weg Tally | 


he technology that 
biles. 5 ees 


feels while 


When bits and byt ay Bey Mer ig, Kas 
speeds adding ately dereglstens at lightning Par cy, €0m a Meng be 
continuity and content, intelligent infrastruc ; 

trouble at bay. fan Yates joes infrastructure keeps 


hat kind of car you're 


Mail to: IDG Communications Pty Ltd 
PO Box 295, St Leonards, NSW 1590 


IDG's privacy statement appears at www.idg.com.au 


AVWA TLALV A -NOWVGLST TI 


36 | Information Age | Octoser/Novemper 2004 


By Leon Erlanger 


“OUR BRANCHES HAD EVERY TYPE OF PHONE SYSTEM 
IMAGINABLE,” says Stan Adams, SouthTrust’s group vice president of voice 
and data. With 730 branches and 13,200 employees, South’[rust, a regional 
US bank, had been growing through acquisitions since 2000. 

“Dealing with all those maintenance programs was turning into a 
major management headache. We were about to upgrade all our branches 
to T1s and switched 100Mb anyway, so we decided to build a converged 
IP voice/data network that would let us manage all our voice and data 
services centrally from Birmingham.” 

Now all of SouthTrust’s sites are populated with IP-based phone hand- 
sets connected over the data network to a few Cisco CallManager IP PBX 

server clusters in Birmingham, which are in turn backed up by another Call- 
Manager cluster in Atlanta. “The CallManager clusters manage call setup, voice 


mail, and long distance for all our sites,” Adams says. “The savings we’ve seen from 

centralised management are incredible. And now we can take advantage of cheaper high-volume 
long-distance rates and bypass long distance tolls on the branch WAN connections.” 

SouthTrust’s story is a great example of how far enterprise VoIP (voice over IP) has come in the 
past few years. The consensus is that VoIP, which describes many different scenarios for running call 
control and digitised voice traffic over enterprise IP data networks, works. “The early issues of voice 
quality, quality of service, scalability, migration, features, and functionality in enterprise IP phone 
systems have pretty much been solved,” says Jorge Blanco, vice president of marketing at Avaya, a 
major player in both the legacy TDM (time-division multiplexing) and IP telephony market. 

Steve Blood, research vice president at Gartner, agrees. “You can now choose from a host 
of VoIP integrators such as IBM and HP and service providers such as Verizon that have 
real expertise and track records deploying VoIP in the enterprise.” Verizon typically acts as 
an integrator and then takes over management of customer-based VoIP equipment. Many 
carriers also offer an IP form of Centrex to small and some midsize businesses. 

Perhaps even more exciting than cost savings is the promise VoIP holds for enabling true 
converged voice and data applications. Instead of being the separate silo that it has been up 


Information Age | October/NovemBer 2004 | 37 


Making VoIP secure 


A converged voice and data network may sound like a fabulous 
idea until you remember the last time a worm or denial of service 
attack brought your network to its knees. Do you really want the 
network and your phone system to go down together? 

Now turn the paranoia up a notch and imagine hackers pen- 
etrating your IP PBX or gateway to make hundreds of long-dis- 
tance calls, to check your CFO's voice mail, or to forward your 
CEO's calls to your competitors. Or think about savvy employ- 
ees using a tcpdump and a readily available Unix tool called 
Voice Over Misconfigured Internet Telephones (also known as 
VOMIT) to snoop on calls. People have come to accept all 
the crazy things that can happen on a data network, but they 
are used to a much higher level of reliability and security from 
their phone system, especially when you consider that it may 
be needed to dial 000. 

There are many things you can do to make the likelihood of 
an attack much lower than it would be on the data portion of 
your network. But first, you should know that legacy PBXes are 
not immune to attacks, either. Hackers often gain access by 
dialling into administrative ports or taking over extensions and 
voice mail for terminated employees whose accounts haven't 
been deactivated. There are lots of Web sites devoted to con- 
ventional phone hacking. 

That said, an IP PBX is far more likely to be affected by 
events that occur on the data network. VoIP (voice over IP) 
vendors understand this and have risen to the occasion with a 
variety of security features. To start, many eschew Windows in 
favour of VxWorks, Linux, or other operating systems with less 
frightening records of virus and other attacks and less constant 
streams of patches. They typically harden the OS, using only the 
services that are essential for the applications, and their “serv- 
ers” are actually appliances that come preconfigured. Cisco 
uses a hardened version of Windows NT in its CallManager sys- 


tems, for example. Most vendors also offer voice and call-control 
encryption over the IP LAN or WAN. Cisco even provides built- 
in intrusion-detection capability from its Okena acquisition. 

One of the best ways to secure your VoIP LAN is to sepa- 
rate it from the data LAN. This separation doesn’t mean you 
need two completely different infrastructures, but it does mean 
using your switches’ 802.1Q capability to place them in differ- 
ent virtual LANs. IP phones often have their own switches and 
VLAN capabilities. Place your IP PBXes in different VLANs from 
your other application servers, protecting the segment contain- 
ing your PBXes with a firewall where possible. Wherever the 
two segments will interact - messaging systems, for example 
— the firewall should provide protection from attacks. 

Be very selective about which IT staffers are allowed access 
to the core operating systems of your IP PBX servers and con- 
sider using intrusion-detection and prevention systems to moni- 
tor all voice servers and segments. Stay away from PC-based 
IP phones wherever possible because they are vulnerable to 
viruses, and create a link between your data and voice segment. 
Implement network address translation between the voice and 
data segments, with private address spaces for all IP telephony 
devices. 

Authentication — anything from allowing access only from 
phones with known MAC (media access control) addresses, 
to personal IDs, passwords, and PINs — can prevent someone 
from placing a rogue phone on the network. Also consider using 
static IP addresses for your IP phones, mapped to MAC (media 
access control) addresses. And, of course, keep up to date 
with the latest security patches on all your voice mail and call- 
processing servers and make sure you have good virus protec- 
tion. Who knows? Your extra efforts on behalf of IP telephony 
may have a welcome spin-off effect and increase the reliability 
of your network overall. 


A  aernaneraaneasamacaraanaanasaasrammememmses memammmmmmmencemmmmmmmancmme! 


until now, voice is on the verge of becoming 
simply another network application that can 
integrate with other real-time applications 
— such as instant messaging, presence, and 
Web and videoconferencing — to enhance 
collaboration among geographically dispersed 
workgroups or partnering organisations. 


VoIP can merge with Web, e-mail, live 
chat, and phone interactions in a multime- 
dia contact centre that greatly improves cus- 
tomer service. And VoIP has the potential 
to integrate with ERP and other enterprise 
applications to speed up approvals that used 
to stop business processes in their tracks. 


VoIP under the bonnet 

Unlike residential VoIP, enterprise VoIP is 
not simply about making cheap international 
calls over the Internet. Instead, it aims to 
replace the proprietary PBX phone systems 
and dedicated voice networks enterprises 
have relied on for years with standards-based 


question is when” 


“It’s widely accepted that everyone will 
convert to IP telephony ... The only 


Lon McCauley, director of network services 


at IBM Global Services 


38 | Information Age | OctobeR/NovemBer 2004 


call processing servers or appliances that 
run digitised voice and call control over the 
packet-based IP data network. Also known as 
IP PBXes, these servers provide most or all 
the features of their legacy PBX predecessors 
and connect over the LAN or WAN with 
IP-enabled phone handsets. 

IP handsets look and function exactly 
like their legacy predecessors, but VoIP 
vendors have recently added more PC-like 
features, such as colour displays, Web surf- 
ing capabilities, and limited access to data 
applications in some models. IP softphones 
provide the same handset capabilities in 
software installed on a PC, notebook, or 
sometimes even a PDA. 

In addition to phones and IP PBXes, an 
important component of VoIP systems is the 
gateway, which is used to translate between 
IP and the TDM scheme used by legacy 
PBXes and the PSTN (public switched 
telephone network). Gateways provide the 
translation necessary to add IP phones to a 
legacy PBX, to connect two legacy PBXes 
over an IP WAN, or to provide an IP PBX 
with trunks to the PSTN. 

Most IP telephony systems support a 
collection of standards from the ITU (Inter- 
national Telecommunications Union) called 
H.323, which defines how the different ele- 
ments of an IP telephony system interact. 
H.323 includes a number of voice compres- 
sion standards. A competing, up-and-coming 
standard called SIP (Session Initiation Pro- 
tocol) comes from the IETF and approaches 
VoIP more from an Internet perspective. 
SIP can serve as standard for other Inter- 
net applications such as instant messaging, 
chat, and multimedia messaging as well and 
is expected to be a major force driving con- 
verged applications. More and more VoIP 
vendors have started to support SIP, as has 
Microsoft in Windows Messenger. 

With maturing standards and broad 
industry support, there’s no question that 
enterprises are taking VoIP seriously. 
According to a Meta Group survey of 276 
North American companies, 62 per cent of 
midsize enterprises and 63 per cent of large 
enterprises (with 1500 or more employees) 
have implemented some form of VoIP. “It’s 
widely accepted that everyone will convert to 
IP telephony,” says Lon McCauley, director 
of network services at IBM Global Services. 
“The only question is when.” 


Enterprise VoIP glossary 


For many immersed in IT, the vocabulary of voice communications may be unfamiliar. 
Here are some of the most common terms. 

Codec: A compression/decompression algorithm used in IP telephony and other 
streaming media applications. 

G.723.1: An ITU-T Codec, used in many IP telephony systems, that has two associ- 
ated bit rates: 5.3Kbps and 6.3Kbps. 

G.729: An ITU-T Codec, used in many IP telephony systems, that has an 8Kbps bit 
rate. 

Gateway: A network device that converts voice and fax calls between the PSTN 
(public switched telephone network) and an IP network in real time. 

H.323: An ITU-T collection of standards used in VoIP (voice over IP) applications to 
define end points, gateways, and other IP telephony devices and their interaction. 
Precedes SIP (Session Initiation Protocol). 

IP Telephony: The transmission of voice and fax phone calls over a packet-based 
IP data network; synonymous with VoIP. 

IP PBX: The server that provides call control and configuration management for an 
IP-based phone system. 

IP Phone or Handset: A phone system handset that connects to the IP PBX over 
an IP LAN. IP phones often look and function much like typical legacy corporate 
phone system handsets, but in some cases they also take on PC-like functionality. 
MPLS: Multiprotocol label switching, an IETF set of quality-of-service labelling stand- 
ards that ISPs use to manage different kinds of data streams based on priority and 
service plan. 

PBX: Private branch exchange, an in-house telephone switching system. 

PBX trunk: The shared communications path between the customer’s PBX and 
the public network. 

PSTN: Public switched telephone network, which is also called POTS (plain old 
telephone service). 

Q.Sig: O Signaling, a signalling standard for PBX interoperability used in the United 
States and Europe. 

RTP: Real-Time Transport Protocol, the Internet protocol used by VoIP systems for 
streaming digitised audio and video across an IP network. 

SIP: Session Initiation Protocol, an up-and-coming IETF signalling protocol for Inter- 
net conferencing, telephony, presence, events notification, and instant messaging. 
Competes with H.323. 

Softphone: Software that provides IP phone functionality in a PC, notebook, or 
other computing device. 


SP CTT | ET SL, ET EE I A REE ETAT) 


The $64,000 question 

“When?” turns out to be a pretty big ques- 
tion, because the reality is that, unlike South- 
Trust, many enterprises are still in the VoIP 
pilot stage or have implemented VoIP in 
some parts of their infrastructure but not 
others. 

Why the hesitation? A primary reason 
is that many of the dramatic savings ven- 
dors have promised to IT haven’t panned 
out. Early in the VoIP game, it was thought 
that routing voice calls among company 
offices over the data network would pro- 
duce significant savings in long-distance 
bills. Then business long-distance rates 
plunged. “When you can get long-distance 


rates of less than 3 cents a minute, what’s 
the point?” Blood says. 

Then there were the productivity ben- 
efits that would come from unified messag- 
ing. All your e-mail and voice calls would sit 
together in one inbox accessible from your 
PC, notebook, or PDA. “Recent statistics 
show that if you’re on the road, unified mes- 
saging saves you about 15 minutes a day,” 
says Tony Jenkins, director of product mar- 
keting at Mitel Networks, “and if you’re in 
your office, about seven minutes a day.” 

What about the dramatic management 
savings that would come from converging 
separate staff and infrastructures, voice and 
data, into one? It’s true that moves, adds and 


Information Age | October/NovemBer 2004 | 39 


+ 


Router 


IP phones 


Router/ 
switch 


Managed 


packet 


network 


“a 


Messaging or 


converged 


applications server \ \V VQ 


Legacy phones 


Corporate office 


changes are much simpler with IP telephone 
systems than they are with a legacy PBX. 
However, it’s also true that for most compa- 
nies, TDM voice infrastructure already exists 
— and VoIP proponents have often under- 
estimated the network overhaul required to 
make hundreds or thousands of IP phones 
work across an enterprise. 

This usually involves a detailed analysis 
of call volume at various points in the day 
(particularly peak periods); upgrading to 
switched Fast Ethernet to the desktop with 
Power over Ethernet throughout, discover- 
ing and eliminating numerous bandwidth 
bottlenecks, and upgrading routers with new 


IP phones 
sales and marketing 


OS versions and more memory to support 
VoIP. Then you have to configure network 
quality of service to help prioritise voice 
(which cannot tolerate latency) and quite 
possibly upgrade WAN connections. 

The upgrades can be even more dramatic 
for large call centres. “When you do traffic 
engineering for a typical VoIP rollout, you can 
assume that people are on the phone 20 per- 
cent of the time,” says Elizabeth Ussher, vice 
president of technology research services at 
Meta Group. “But imagine the requirements of 
a large call centre with hundreds or thousands 
of people on the phone 85 per cent of the time 
and call monitoring. People get scared.” 


Security is also a major concern, particu- 
larly with the relentless rise in the network 
attacks. Many IT managers complain that 
the network monitoring and management 
tools that support VoIP are less than ade- 
quate. And merging voice and data staff has 
proven to be more difficult than originally 
thought. “In many companies you have a 
centralised IT and CIO, but the voice folks 
work out in the various business units and 
understand their requirements much better,” 
Blood says. 

“They can be absolutely critical in defin- 
ing where end points should sit and what 
functions and service levels are required and 
their very sound advice is often a revelation 
for IT. It’s the organisations that can get the 
voice and data staff to work together well 
that have the most successful VoIP imple- 
mentations.” 


VoIP’s edge 

In the face of such hurdles, how is enterprise 
VoIP being implemented today? It turns out 
that an increasingly popular scenario is a 
hybrid deployment that puts VoIP where it 
costs the least and produces the most ben- 
efit — leaving legacy phone systems in place 
everywhere else. “With a carefully targeted 
VoIP deployment you can get 70 per cent 
of the ROI with 30 per cent of the invest- 
ment,” says Jeanne Bayerl, director of busi- 
ness development at Alcatel SA. 

That’s where legacy vendors such as 
Avaya, Nortel, Mitel, Siemens and Alcatel 
excel. All offer integrated IP and legacy 
TDM-based phone systems that allow mix- 
ing and matching in every way imaginable, 
enabling gradual or partial IP implementa- 
tion. This scenario can make a lot of sense if 
you want to save money by retaining many of 
your existing legacy phones and you already 
have a relationship with one of these com- 
panies. 

The other side of the argument, how- 
ever, is Cisco’s all-IP strategy, which IBM’s 
McCauley describes very well. “If I’m look- 
ing where this is going in the future and 


— “We gave our telecommuters 
VoIP phones in their homes” 


Paul Shane, IT director at Milliman 


40 | Information Age | OcroBer/Novemper 2004 


who is likely to win, I might want a company 
like Cisco that can thrive, grow and provide 
all its capabilities in an Internet world, espe- 
cially if much of my data infrastructure is 
Cisco-based.” Cisco’s VoIP solutions can 
bridge to legacy phone systems, allowing 
you to keep both systems and many of your 
legacy phones in place, but you can’t get the 
hybrid functionality in one system from the 
legacy vendors. 

Greenfield deployments, particularly 
in new branch offices, are obvious candi- 
dates for full VoIP. You only have to build 
one infrastructure with one set of cabling, 
you get a chance to get your feet wet, and, 
if you wish, you can manage it all remotely. 
“Branch offices tend to have small PBXes 
and key systems with different levels of capa- 
bilities,” Bayerl says. “Connecting them to 
the main PBX via IP gives everyone a con- 
sistent solution.” 

Most legacy phone vendors let you con- 
nect these offices over an IP WAN to your 
central TDM or mixed TDM/IP PBX using 
a gateway. If you’re a highly distributed com- 
pany such as SouthTrust, with hundreds of 
branches or lots of retail stores, a complete 
IP overhaul across the organisation can make 
a lot of sense particularly if, as in South- 
Trust’s case, you're already planning a major 
data network upgrade. 

Another likely scenario is to provide IP 
phones to telecommuters and the parts of 
the staff, such as sales, that can benefit most 
from maximum mobility, at which IP excels. 
The telecommuter solution typically works 
with an IP phone and broadband connec- 
tion that links to the main office PBX over 
a VPN. “We gave our telecommuters VoIP 
phones in their homes,” says Paul Shane, IT 
director at Milliman, an actuarial and profes- 
sional consulting services organisation that 
has rolled out a hybrid solution from Alcatel. 
“Now we can give them a direct dial number 
here at the main office and all their calls ring 
on their remote IP phone in their homes.” 

For more mobile road warriors, a soft- 
phone installed on a notebook can provide 
an office phone in any location, even a hotel 
room or a Starbucks with a Wi-Fi hot spot. 
Some systems let you set up all calls to ring 
simultaneously on your IP phone and cell 
phone. This flexibility means better cus- 
tomer relationships, because calls get to the 
intended person much more often. 


Most of these vendors offer a mix of TDM-based and VoIP products so that VoIP can 
be applied where it provides the most benefit. For this reason, enterprise customers 
tend to choose the same vendor that sold them their legacy telephone equipment. 
3Com: One of the first IP telephony players from the data side, 3Com offers IP tel- 
ephone systems for small, medium, and large businesses. Its enterprise VCX V7000 
product interoperates with legacy PBXs and accepts legacy handsets for a gradual 
migration. 

Alcatel: This second-tier player offers IP phone systems with support for legacy 
devices to enable a gradual migration to IP. Its OmniPCX Enterprise IP PBX features 
native SIP (Session Initiation Protocol) support and Web services interfaces to inte- 
grate voice into business applications. 

Avaya: One of the biggest players in the legacy and IP telephony space, Avaya 
sells legacy, hybrid, and complete IP phone systems. Avaya’s Extension to Cellular 
feature rings incoming calls on desk and cell phones simultaneously and provides 
cell phones with office phone functionality. 

Cisco: The principal IP telephony player from the data side, Cisco offers complete 
IP enabled phone systems that can bridge to existing phone systems and a variety 
of phone types including wireless and XML enabled handsets. 

Mitel: A second-tier vendor that offers hybrid and complete IP phone systems, Mitel 
offers a unique Your Assistant app, which provides presence information and lets 
users manage all their communications from one interface. A YA Pro softphone offers 
multiparty videoconferencing. 

NEC: This diverse tech giant offers phone systems with a modular architecture that 
supports legacy, hybrid, and completely |P-enabled phone systems. 

Nortel Networks: One of the biggest players, Nortel offers legacy, hybrid, and 
complete IP enterprise phone systems to allow a gradual or complete migration to 
IP. Its Meet Me Conferencing application adds collaboration, presence, messaging, 
and video calling services and an i2050 Mobile Voice client runs on a PDA. 
PingTel: This IP PBX supplier recently went open source with SIPxchange, a SIP- 
based, customisable IP telephony platform that runs on standard server hardware and 
includes WebEx, along with tools for integrating VoIP with enterprise applications. 
Siemens: A major player in the legacy and IP space, Siemens offers hybrid and 
complete IP solutions for a gradual migration to IP. HiPath OpenScape is a suite of 
presence-aware conferencing applications and middleware that can be integrated 
with IBM, Microsoft, and SAP data application platforms. 

ShoreTel: Formerly Shoreline, it offers all-IP phone systems using an architecture of 
distributed, centrally managed IP voice switches. Switches can also accept Shore- 
line’s own analog phones. 

Spectralink: A key player in voice over Wi-Fi, SpectraLink offers wireless handsets 
for both legacy and IP phone systems through service, equipment, and application 
providers. 

Toshiba: A provider of legacy, hybrid, and IP-based phone systems, Toshiba’s major 
products include the Strata CTX100 and CTX670 IP-ready PBX systems. 

Zultys Technologies: This IP PBX vendor provides VoIP products that combine 
several functions in one box and work with third-party SIP handsets. 


Some companies, such as JetBlue, have 
taken this mobility to the extreme, creating 
completely distributed, virtual-IP-based 
call centres in which their entire staffs are 
actually working with IP phones in their 
homes across wide areas of the US. “VoIP 
gives you access to labour pools that didn’t 
exist before,” Avaya’s Jorge Blanco says. “You 
don’t have to provide a roof over their head 


and you can get highly educated people from 
any location.” Jenkins points out that you can 
take advantage of time zones to extend call 
centre hours — and that IP phones are great 
for the growing category of “day extenders” 
who continue working when they get home 
from the office. 

IP systems also allow better collaboration 
with branches and telecommuters, because 


Information Age | Octoser/Novemaer 2004 | 41 


| 
Are you ready for VolP? 


Switching to VoIP seldom makes sense if your legacy phone system accomplishes 
what you need. Business or technology changes, however, often provide the perfect 


opportunity to make the most of VoIP: 
Phone upgrades 


If you’re getting ready to upgrade your current legacy phone system or sign a new 
lease or Centrex service contract, now may be the time to migrate to a hybrid or 


complete VoIP phone system. 
Too much diversity 


Highly distributed organisations with many different types of phone systems and 
services incur lots of overhead. A single VoIP system may provide significant man- 


agement savings. 
Blank slate 


If you’re moving to new offices or adding new branch offices and need to build a 
network from scratch, then you can easily build VoIP headroom into your network 


plans. 
Job requirements 


Some disciplines, such as sales or marketing, can immediately benefit from the mobil- 
ity and converged applications that VoIP provides. These are the places to start with 


a hybrid VoIP system. 
Network upgrades 


Are you preparing for a major data network upgrade? If so, it might be time to set up 
your existing data network with the bandwidth and QoS to support VoIP. 


Virtual call centres 


Many businesses reap major cost savings from highly distributed IP-based call cen- 
tres that allow operators to work from their homes. VoIP provides inexpensive remote 


connections. 
Go left, go right 


Does your organisation experience lots of moves, adds, and changes among employ- 
ees every year? A conversion to VoIP may save you money. 


PRE TERN FGETS SET LTE ELE EST PE PO TE PP ED a IS EL SEE RE Oe TY 


they often provide built-in, easy-to-use audio 
conferencing. The benefits are even more dra- 
matic when you start converging VoIP with 
other real-time applications such as instant 
messaging, document sharing, and Web con- 
ferencing. Presence functions let users see on 
their PC screens exactly who is in the office 
and who is on the phone, so you waste much 
less time leaving voice mails or directing calls 
to people who are not available. 

It becomes much easier to pull people 
into instant virtual meetings, allowing for 
faster decision making. “IP allows the branch 
office to become much more integrated into 
the overall business,” Bayerl says. “If Jane in 
branch X is the worldwide expert in widget 
Y, it’s as if she were just down the hall.” VoIP 
also makes it easier to implement multimedia 
contact centres where the same people han- 
dle Web, chat and voice interactions concur- 
rently, and any of these communications can 
be routed quickly to available people with 
relevant expertise. 

Many analysts and vendors agree that 


the next phase will be integrating VoIP and 
other real-time communications into ERP 
and other enterprise applications. “By bring- 
ing real-time communications into business 
applications you can get over hurdles that 
used to stop a business process,” Bayerl says. 
“For example, if a process needs finance 
approval, the application knows that Joe in 
finance is the person with authority that is 
currently available and it can make a con- 
nection.” 

Cisco offers phones with LCD displays 
that can replace PCs in retail and other 
environments that have limited data access 
needs. Cisco and Alcatel’s phones support 
XML services that you can use to add access 
to billing, inventory, and other applications 
to the phone. 

Another application that is generating 
excitement is VoIP over the wireless LAN, 
which can be useful in warehouse, hospital, 
and retail environments and possibly move 
into the mainstream office. SpectraLink has 
been involved in this category for several 


years and Cisco is offering phones with Wi- 
Fi capabilities. 

At the Spring 2004 VON (Voice on the 
Net) conference, Ericsson, Motorola, and 
Nokia demonstrated hybrid wireless VoIP 
and cell phones that allow users to make 
calls over Wi-Fi networks when available, 
whether in the office or at a hot spot on the 
road, and via cellular when Wi-Fi is not. “I’d 
be happy to get rid of the phone on my desk 
if I could have a single phone to take with 
me that could tie into all those converged 
applications,” Meta’s Ussher says. 


The voice choice 

Such advanced benefits may be compelling, 
but not at the sacrifice of the typical call con- 
trol features offered by a standard PBX. For- 
tunately, those who decide to take the plunge 
into VoIP will discover that IP-based phone 
systems now support all the basics — call for- 
warding, caller ID, speed dialling, call hold, 
auto attendant, and so on. And voice quality 
is no longer a question. For most customers, 
the place to start is with their existing PBX 
vendor, which can help them deploy a hybrid 
system that retains legacy equipment. 

The nature of IP telephony also lends 
itself to hosted solutions. Verizon, AT&T and 
other players offer converged IP voice and data 
networks using a specification called MPLS 
(Multiprotocol Label Switching) that permits 
these carriers manage different service levels to 
accommodate voice. They’ve also been replac- 
ing TDM switches with IP — and some carri- 
ers have active plans to bring VoIP over the last 
mile directly to the home or business. 

This approach will make it easier for 
carriers to provide their own VoIP services, 
including videoconferencing, unified com- 
munications, and contact-centre applications 
that could replace or complement whatever 
an enterprise has on site. Until now, carriers 
have mostly served as VoIP integrators or 
have provided IP Centrex services for small 
and midsize businesses. 

Most agree that a major transition to 
VoIP in the enterprise is inevitable, but in 
most companies it will probably be a gradual 
process of greenfield branch office rollouts, 
deploying IP where it brings the most ben- 
efit, replacing obsolete legacy equipment, 
and gradually upgrading the data network 
infrastructure. Ultimately, every enterprise 
will find its own unique path to VoIP. @> 


os ee 


42 | Information Age | OctoseR/Novemser 2004 


Debunking long-held beliefs that could 
trip up your tech strategy 


By Jack McCarthy 


TIME TO FACE REALITY. Some of our bedrock assumptions turn out to be 
unfounded. And chief technologists can be subject to outdated beliefs as often as 
any professional. With that in mind, we’ve addressed six common IT myths and 
deconstructed them to give managers a clear view of some important assumptions 
that might otherwise throw a monkey wrench into their technology plans. 

We set about tracking down the sources of the myths in question and found 
nearly all had little basis in fact. 

For example, the myth persists that server upgrades matter. No way. Another 
myth: that business acumen is now the key to a successful CTO career. Not even 
close. And the one about 80 per cent of corporate data residing on mainframes? 
Check your maths. 

Our dogged reporters found many more time-honoured tales to debunk, 
proving once again that while common wisdom may indeed be common, it is 
not always wise. 


ILLUSTRATIONS: HAL MAYFORTH 


Information Age | Octoper/Novemaer 2004 | 43 


+ 


— 


Myth 1: 


Server upgrades matter 


REALITY: Don’t pay extra for 
upgradability; you'll never need it 
When was the last time you swapped out 
the processors on a production server? Have 
you ever ripped out a working system’s RAID 
controller and substituted one with bigger 
cache? How about pulling out a machine’s 
mirrored 18GB Ultra160 SCSI boot drives 
just to replace them with some 36GB 
Ultra360 spindles? 

Despite the fact that top-tier server 
manufacturers boast about the field upgrade 
capabilities of their server platforms, it’s a 
myth that anyone ever fiddles with a produc- 
tion system except to replace a blown part. If 
the server is less than a year old, chances are 
that it was ordered with the right parts and 


Myth 2: 
Eighty per cent of corporate data resides on mainframes 


REALITY: Try 50 per cent, 

or even less 

It’s past time to retire the myth that main- 
frames, those impenetrable-looking boxes 
understood by only a few IT magicians, still 
store 80 per cent of all corporate data. 

Since their introduction in the 1950s, 
mainframes have largely been the unchal- 
lenged gatekeeper for all mission-critical 
corporate data. IBM became Big Blue, the 
colour of their early mainframes, by pop- 
ularising mainframes with the company’s 
hardware and operating systems — and 
eventually its line of applications — and 
then gained an iron grip on the entire mar- 
ket for decades. 

But IBM’s early monopoly of the main- 
frame market came under attack in the 1970s 
and 1980s. With the arrival of the first mini- 
computers and then microcomputers, which 
both held the promise of distributing cen- 
tralised data closer to users doing the work, 
Fortune 1000 companies started demanding 
less reliance on mainframes. 


doesn’t need to be touched. If the server is 
more than a year old, nobody in their right 
mind is going to pop the top to crank the 
gigahertz. 

To research this myth, I contacted all the 
tier-one server manufacturers. Not one 
would formally cooperate when asked 
for statistics regarding enhancements 
to their servers, either by sales of 
upgrade parts or through calls made by 
their field-service teams. Some said the 
data wasn’t available. Others said it was 
proprietary information that couldn’t be 
released for competitive reasons. All claimed 
to find the question surprising — and were 
interested in reading the results. 


remain nameless, forwarded the informal 
comments of a marketing manager, whose 


Fortunately, one vendor, who shall name was removed from the e-mail. The 


But the birth of the Internet and the 
resulting flood of unstructured corpo- 
rate data, such as e-mails, Web pages, 
Microsoft Word documents, and 
various technologies to manage 
and store this digital data, has 
led many to conclude that the 
stranglehold mainframes have 
held on corporate data has 
been slipping. 
“In dealing with some of 
our clients, it is almost shock- 


ing to see some large organisa- 
tions’ financials being managed | 
in a couple of Excel spreadsheets. 
‘ Plus with all the blogs, instant 
~~ messages, e-mails that do not pass 

through a mainframe, the amount of 
data now residing on mainframes is now 


Even with the desktop revolution, the | probably in the neighborhood of 40 to 50 


notion that mainframes held at least 80 per 
cent of all corporate data remained intact 
through the mid-1990s in the minds of 
many. 


per cent,” says Stephen O’Grady, senior 
analyst at RedMonk. 

Reinforcing this growing trend, 
there is already an impressive amount of 


44 | Information Age | Octoper/Novemper 2004 


manager’s thinking echoed my own: “I 
believe the majority of customers purchase 
initially a server populated with the RAM and 
processors for future growth.” 

The manager added: “Many customers 
secure capital expenditures for the hardware 
and it is easier to purchase under this capital 
than to try to expense some more hardware 
down the line.” 

Another reason, of course, for not 
upgrading a system would include a fear of 
screwing things up, either by having hard- 
ware problems or by encountering difficul- 
ties with the operating system, drivers or 
applications. Given that there’s going to be 
only a minimal performance improvement in 
going from, say, 2.0GHz to 2.6GHz proces- 
sors while the rest of the server remains the 
same, what's the point in taking that risk? 

If one could generalise, then one would 
say: the smaller the server, the less likely 
its hardware is going to be touched after 


mission-critical financial data being gener- 
ated, shared, and managed out of the sight 
of mainframes, says Dana Gardner, senior 
analyst at The Yankee Group. “Some cor- 
porate users now have Spreadmarts — big, 
honking flat files in spreadsheets used to 
manage many business processes and in 
a really decentralised way,” according to 
Gardner. 

And with the aggressive promotion the 
past few years of dozens of integration strat- 
egies that threaten to tear down the tech- 
nology borders between mainframes and 
distributed platforms, some question the 
relevance of where data resides. 

“Does it even matter any more (where 
corporate data resides) is the more rel- 
evant question. I think it has less meaning 
today than it did a few years ago. In fact, 
the more you hold onto that old axiom, the 
more you point out it is a proprietary and 
isolated environment. I wouldn’t think any- 
one would want to continue promoting that 
idea,” says Steve Josselyn, research direc- 
tor of the global enterprise server solutions 
program at IDC. 

Another trend eating away at the main- 
frame’s dominance is the rise of SANs and 
NAS appliances. Although many such envi- 


investment in an eight- or 16-way server 


might warrant enhancements to its I/O 
backplane. It also might make sense to add 
processors, if some of the sockets were 
initially unpopulated. 


ronments have direct pipelines into main- 
frames where data can be shared back and 
forth, the inclination of more and more cor- 
porate users is to plant data on SANs and 
NAS devices. 

“Increasingly, the type of computer 


By contrast, it’s hard to imagine anyone 
doing much to the hardware on a dual-proc- 
essor 1U or 2U server or to a server blade, 
other than adding memory if needed. If that 
low-profile server can’t handle the workload, 
the solution would be to replace it with a 
more powerful server or to add more serv- 
ers to a load-balanced cluster. What about 
swapping the processors or adding a faster 
backplane? There’s no ROI for spending 
good money on old servers. 

When you're considering specifications 
for new servers, make sure the system fits your 
existing needs, and buy it with the headroom 
you anticipate requiring for the expected life 
span of the machine. Unless you have an IT 
culture that actually performs server upgrades, 
don’t plan on performing any, and don’t pay 
extra for features such as upgradable CPU 
cards capable of accommodating future proc- 
essor platforms. You won’t use them. 


By Alan Zeichick 


becomes irrelevant with the local-area stor- 
age networks and the increasingly sophis- 
ticated storage that has come into play,” 
says Hadley Reynolds, research director at 
Delphi Group. 

By Ed Scannell, Cathleen Moore 


SOURCE: IDC 


Open or Distributed Storage Capacity Dwarfs Mainframes 


Mainframes account for less than 4 percent of all new storage capacity. 


798,055 

"> Mainframe 

') Open or distributed systems 

556,012 
385,011 
308,051 
n q 23,729 19,277 28,808 
jedan ea ao oe 
2000 2001 2002 2003 


Information Age | Octoser/Novemeer 2004 | 45 


Myth 3: 


All big shops run multiple platforms 


REALITY: This ‘myth’ is closer to 
fact than fiction 

As the New Wave band Devo said, “Free- 
dom of choice is what you got. Freedom 
from choice is what you want.” Were 
they right; is having no choice easier than 
having to decide for yourself? Does this 
principle apply to IT? Do enterprises seek 
heterogeneity rather than single-vendor 
solutions? 

Experts agree this is not a myth. Some 
smaller companies are homogeneous, 
but larger companies inevitably become 
heterogeneous because of mergers and 
acquisitions, says Mike Gilpin, vice presi- 
dent and research director at Forrester 
Research. Besides, heterogeneity provides 
leverage. “It’s always useful to have some 
other vendor that you can use as a threat,” 
Gilpin says. 

An official at Oblix concurs. “(IT per- 
sonnel) like the leverage that they have by 
keeping it a heterogeneous environment,” 
says Ken Sims, vice president of marketing 
and business development at Oblix. 

“It’s gone to the vast majority (being) 
heterogeneous,” says David Bartlett, director 
of customer and partner programs at IBM’s 
autonomic computing group. Formerly, 
the ratio of homogeneous to heterogene- 
ous environments was about 80-20, but that 
ratio has at least reversed itself, Bartlett says. 
Companies’ desires to be global, to operate 
on a 24/7 schedule, and to be on the Internet 
have led the way to heterogeneity, Bartlett 
says. 

“Most customers today usually have a 
mix of server types,” according to Jim Goe- 
thals, infrastructure simplification program 
manager at IBM’s systems and technology 
group. 

“If you look at what's typically on a desk- 
top, for instance, that’s going to be Intel. 
Depending on the departmental environ- 
ments, they could have Intel-based servers 
or Unix servers, and when you get into the 
datacentre, you’re going to find mainframes” 
as well as Intel and Unix systems, Goethals 
says. 


Both heterogeneity and homogene- 
ity have their pros and cons. One-vendor, 
so-called proprietary solutions bypass the 
hardships of having to make systems work 
together that were not built to do so. Pro- 
prietary solutions, however, tie a user to 
the whims of one or just a few vendors 
and offer limited options. So-called open 
solutions give users a variety of technol- 
ogy choices, theoretically driving down 
costs, given that multiple suppliers have to 
bid for your business. IT administrators, 
however, can have their hands full mak- 
ing everything integrate in an open world, 


Myth 4: 


requiring development of an alphabet soup 
of standards. 

Just what exactly is an open system? If 
you talk to any technology vendor, it will 
tell you its system is open, whereas all the 
competitors’ systems are closed. The term 
open is usually applied to software or hard- 
ware that conforms to standards or features 
commodity parts. 

Whereas most shops desire heteroge- 
neity, some users prefer a single-vendor 
approach to at least part of their IT archi- 
tecture. The city of San Jose, for example, 
recently has come under fire for making 


CIOs and CTOs have a greater need 


for business savvy than tech expertise 


REALITY: Tech chops matter 
more than ever 

Job No. 1 for the first CIOs to emerge in 
corporate shops almost 20 years ago was to 
make sure the business goals of the corner 
office were being served by the technologies 
put in place by the IT department. They 
were to be the bridge between two very dif- 
ferent cultures. 


Simple enough. 
But during the past two decades, as technol- 
ogy has become inextricably entwined with 
a company’s core business strategies, many 
CIOs and, in larger companies, CTOs have 
been forced to spend an inordinate amount 
of time on the business side of the chasm. 
And as the number of technology 
projects has grown, many CIOs and CTOs 


46 | Information Age | OctogeR/Novemper 2004 


local networking vendor Cisco its supplier 
of choice for networking equipment at a new 
city hall under construction. 

In his 27 years of experience, Joe 
Poole, an IT official at Boscov’s Depart- 
ment Stores and manager of technical 
support, has watched his shop grow and 
diversify from a mainframe-only environ- 
ment to a mix of a mainframe running VM 
and Linux plus RISC Unix boxes and Intel 
systems. Some applications such as the 
company’s merchandise conveyor system 
and its graphical applications simply run 
much better on the newer platforms, he 
says. Poole believes that, these days, no 
one can continue to be a single-platform 
shop. 

“Nobody can, and I don’t think they 
will,” Poole says. 

By Paul Krill 


have pushed more decisions for individual 
technology purchases and their methods of 
implementation further down the organi- 
sational ladder. Too often, those making 
product decisions have been purely focused 
on technology and so have made tactical 
decisions without enough regard for how 
those decisions will benefit overall business 
goals. 

“One of the top reasons I think some 
IT projects go off course technically and/ 
or over budget, if not outright fail, is the 
lack of guidance from upper management 
on the technical side. Sometimes they 
shouldn’t be so fast with the rubber stamp 
until they get a better grasp on some of 
the technology they are asking their peo- 
ple to implement,” says Joe Johns, a LAN 
administrator at a large bank in North 
Carolina. 

Well, so much for the myth that CIOs 
and CTOs need more business savvy than 
technical expertise. In fact, there seems to 
be some concern from industry observers 
that CIOs and CTOs need to spend more 
time gaining a deeper understanding of 
technologies and products, particularly 
emerging ones. 

One of the major reasons CIOs and 
CTOs have been forced to focus more 
on business than on technology decisions 
has been the dotcom bust. With so much 


aimless spending on technology in the sec- 
ond half of the 1990s resulting in little ROI, 
many CEOs are demanding short-term if 
not immediate returns on any sizeable tech 
investment. 

“A lot of companies are in reactionary 
mode right now,” says Will Zachmann, 
president of market research companies 
Canopus Research and Agylity. “Now that 
we are in the dotbust era, the pendulum 
has swung back hard the other way, and it 
has everyone afraid to do much of anything 
technically.” 

But concentrating so narrowly on 
short-term financial gain forces the major- 


ity of CIOs and CTOs to defer the steady 


implementation of long-term technology 
visions until better economic times arrive. 
Such delays will only put them at a competi- 
tive disadvantage to those who are striking a 
more reasonable balance between ROI and 
high-tech investments. 

“Those CEOs and ClOs who are 
joined at the hip and who want only 
short-term ROI are myopic about where 
IT should be going technologically. An 
organisation that really understands IT 
technologies and what to do to turn (those 
technologies) into genuine competitive 
advantage can be in a great position right 


now,” Zachmann contends. 
By Ed Scannell 


Information Age | Octoser/Novemper 2004 | 47 


Myth 5: 


Most IT projects fail 


REALITY: It all depends on how 
you define failure 

Do most IT projects fail? Some point to 
the number of giant consultancies such as 
IBM Global Services, Capgemini and Sapi- 
ent, who feed off bad experiences encoun- 
tered by enterprises. “Sapient is a company 
founded on the realisation that IT projects 
are not successful,” says Sapient CTO Ben 
Gaucherin. 

Others counter by saying failure is rela- 
tive. Sure, many projects have minor system 
glitches or come in over budget, but they 
don’t rise to the “failure” status that would 
seriously harm the user’s business. 

“If a project is three months late or 5 
per cent over budget, that may be a dis- 
appointment, but it’s not a failure. That’s 
the case with most IT projects,” says Jim 
Shepherd, vice president of research at 
AMR Research and co-author of AMR’s 
2004 ERP report. 

Although there may be myriad ways that 
projects can experience problems, actual 
implementation usually succeeds, Shepherd 
says. 

The Standish Group, which exists solely 
to track IT successes and failures, sets out 


very strict criteria for success. For its Chaos 
Report, The Standish Group surveyed 13,522 
projects last year and showed that unqualified 
project successes are well below 50 per cent, 
34 per cent to be exact. Out-and-out failures, 
defined as projects abandoned midstream, 
are at 15 per cent. Falling in between the 
two are completed but “challenged” projects. 
The report says challenged projects repre- 
sent 51 per cent of all IT projects and are 
defined as projects with cost overruns, time 
overruns and projects not delivered with the 
right functionality to support the business. 
The level of success can be tied to the 
degree of user involvement, executive man- 
agement support, and having an experienced 


Project Success 


Smaller initiatives fare better at reaching goals than larger projects do. 


More than $10 million 2% 


$6 million to $10 million «11% 


$3 million to $6 million 23% 
$750,000 to $3 million nme 32% 
Less than $750,000 [ist itis 46% 


SOURCE: THE STANDISH GROUP 


project manager, in that order, the report 
says. 

For IT project consultancy Sapient, the 
key ingredient to success or failure rests on the 
processes a company puts in place to manage 
risk. In other words, it’s essential to identify a 
point of failure before it brings down an entire 
project. “The larger the project, the greater 
the chance of failure, and therefore the more 
effort you want to put behind managing risk,” 
Sapient’s Gaucherin says. 

Gaucherin adds that potential prob- 
lems can be managed by “bubbling up risk”, 
a methodology for identifying problems 
before they get out of hand. To that end, 
projects are put on a value chart with plot 
points becoming project milestones plotted 
over a time line. 

“As soon as we start veering off, we ask 
(ourselves) why,” Gaucherin says. 

Probably the news with the most dam- 
aging implications for IT projects is not the 
number of those that were abandoned, rather 
it’s those that were completed but offer fewer 
features and functions than originally speci- 
fied, says Karen Larkowski, executive vice 
president at The Standish Group. “Con- 
tent deficiencies of more than 50 per cent 
would most likely be considered a failure,” 
she says. 

But AMR’s Shepherd has another view, 
which he says is more realistic. “Failure 
would be a situation where orders stopped 
being taken, or the books couldn’t be closed, 
or the project itself was simply abandoned,” 
Shepherd says. “That’s rare.” 

By Ephraim Schwartz 


48 | Information Age | Octoser/Novemper 2004 


ene bi 


MEMBERSHIP APPLICATION FORM 


Please complete the form and print well within the boxes in clear CAPITAL LETTERS. You are required to attach 
relevant documents, as indicated by Evidence Required. Please refer to the Membership section on our website 
| www.acs.org.au for an explanation of Membership requirements and grades before completing this form. For further 
information and assistance with your membership application, please email us at applications@acs.org.au or phone us 


on +61 2 9299 3666. 
PERSONAL DETAILS 


Family Name Given Names 
Tite OMr OMrs OMs~ O Miss O Dr O Prof. O Other 
Date of Birth (dd/mm/yy) / / Country of Residence 


Preferred Name 


Are you a Citizen or Permanent Resident of Australia (Evidence may be required) Oo Yes O No 
Are you a member of a society where a discount may apply (Evidence required) 0 Yes O No 
CONTACT DETAILS Business Address Preferred Postal Address O 
Private Address Preferred Postal Address 0 Position 
Street Employer 
or PO Box Street 
City or PO Box 
State Postcode City 
Country State Postcode 
Phone Country 
Fax Phone 
Mobile Fax 
Email Preferred Email O Email Preferred Email O 
MEMBERSHIP REQUIREMENTS - EVIDENCE REQUIRED 
To view full ACS Membership requirements, visit www.acs.org.au and select Membership. 
O Attach copies of your formal academic transcript and testamur issued by the relevant institution. 


Attach a summary of relevant experience and positions held. 


O Provide contact details of 2 (two) referees who will verify your job title, dates of employment and outline your roles and responsibilities: 


Name (Including Title and First Name) Position and Company 


Email Address 


— 


MEMBERSHIP FEES 


Membership Schedule Fees Application Fee* Total 

Membership* $310.00 $110.00 $420.00 

Overseas Membership* $220.00 $100.00 $320.00 

Recognition of Prior Learning (RPL) $330.00 $ 0.00 $330.00 
* Application Fee is a one time, non-refundable charge. To view full ACS Membership Fee Schedule, visit www.acs.org.au and select Membership. 

/ 

PAYMENT 
Cheque O Money Order O Visa O Bankcard O MasterCard Diners O Amex 


(ee rc ee 


Name on Card: Signature 


Expiry Date 


ACS PRIVACY STATEMENT (available on our web site www.acs.org.au) 


To provide members with a wide range of benefits and services we sometimes contract appropriate third parties to provide some of these 
services. Members not wishing to receive communications from these ACS contracted service providers should indicate by ticking the box. 


L 1 do not wish to receive additional valuable information from contracted third parties O 


The ACS also lists the name and grade of new members in ACS publications. Members not wishing to have their personal details published 


should indicate by ticking the box. 
[ I do not wish to have my personal details listed in ACS publications O 


APPLICANT’S DECLARATION 


I declare that all information provided is true and correct, and if admitted to the Society, I undertake to be bound by the Rules, Reguations and 


Codes of both the Society and the Branch in which I am enrolled, as amended from time to time. Ref 


Ref Code #0407 


Signature: é Application No. | Member 1D _| Receipt No. | 


Office Use Only 
Date: | 


Myth 6: 
IT doesn’t scale 


REALITY: Virtually any technology 
is scalable, provided you 

combine the right ingredients and 
implement them effectively 

At one time or another, nearly every kind 
of information technology has been judged 
and found wanting. The failures are often 
summed up in that most damning of epithets: 
“Tt doesn’t scale.” The reason, of course, is 
that at one time or another, for one reason or 
another, every kind of information technol- 
ogy has failed to scale. 


Unfortunately for the victims tarred with 
that brush, scalability is a wildly imprecise 
term. Applications may be expected to scale 
up to massive server farms or scale down to 
handsets. And size is only one axis of scalabil- 
ity. Others include bandwidth, transactional 
intensity, service availability, transitivity of 
trust, query performance, and the human 
comprehensibility of source code or end-user 
information display. 

There is no magic bullet that will slay 
all of these demons, but that doesn’t stop us 
from trying to find one. Case in point: the 


recent furore that erupted when Friendster, 
a social-networking service, switched from 
J2EE to PHP and improved its response 
time dramatically. Reacting to a long history 
of allegations that “scripting languages don’t 
scale”, advocates of PHP could now gleefully 
assert, “Java doesn’t scale”. 

The debate generated a lot of heat 
but also shed some light on what PHP’s 
inventor, Rasmus Lerdorf, calls its “shared 
nothing” architecture. Because PHP is 
stateless, he explains, potential bottlenecks 


are pushed out of the Web tier and into 


the database tier. If you’re using Oracle, 
Lerdorf says, scalability is proportional 
to “how big a cheque you write to Oracle 
every year”, and if you’re using MySQL or 
PostgreSQL, “it comes down to whether 
you have configured replication correctly 
and have a nicely architected tree of data- 
base machines”. 

Of course, Java can be used in a similar 
way. When eBay made its widely publicised 
switch to J2EE, the statelessness of the new 
architecture was cited as a critical success 


factor. “Part of the mandate of EJB is to be 
stateless,” says Sun Distinguished Engineer 
John Crupi, whose team helped redesign 
eBay. The revised architecture used state- 
less session beans, avoided clustering, and 
focused on a set of business objects backed 
by eBay’s highly customised database tier. 

In the end, scalability isn’t an inherent 
property of programming languages, appli- 
cation servers, or even databases. It arises 
from the artful combination of ingredients 
into an effective solution. There’s no sin- 
gle recipe. No matter how mighty your 
database, for example, it can become a bot- 
tleneck when used inappropriately. Many 
dotcom-era Web publishers learned that 
lesson the hard way when their database- 
driven sites were crushed by the Slashdot 

horde. 
The current blogging revolution rep- 
resents, among other things, a more 
optimal balance between two synergis- 
tic methods: serving dynamic content 
from a database and serving cached, 
static content from a file system. 
It’s tempting to conclude that the 
decentralised, loosely coupled Web 
architecture is intrinsically scalable. 
Not so. We’ve simply learned — and 
are still learning — how to mix those ingre- 
dients properly. Formats and protocols that 
people can read and write enhance scalability 
along the human axis. Caching and load-bal- 
ancing techniques help us with bandwidth 
and availability. 

But some kinds of problems will always 
require a different mix of ingredients. 
Microsoft has consolidated its internal 
business applications, for example, onto a 
single instance of SAP. In this case, the suc- 
cessful architecture is centralised and tightly 
coupled. 

For any technology, the statement “X 
doesn’t scale” is a myth. The reality is that 
there are ways X can be made to scale and ways 
to screw up trying. Understanding the possi- 
bilities and avoiding the pitfalls requires experi- 
ence that doesn’t (yet) come in a box. @> 

By Fon Udell 


hse | Information Age | OctoBeR/Novemeer 2004 


Why ICT needs 


EMO TIONALLY 
INTELIGENT 


} By John Batros 


Synopsis 
This paper will argue that emotional intelligence [EI] is a necessary 
if not sufficient condition for ICT team leaders. 

It will draw upon recent research into the EI of Australian man- 
agers and use Swinburne University of Technology’s Genos EI model 
to introduce the concept. Using the five dimensions of the model as 
a platform, arguments will be mounted for the positive effects for 
leaders and followers in all groups, in particular ICT teams. 

El is a human competitive edge, which can be leveraged for lead- 
ership development, promotion and synergistic results. It affects bot- 
tom line outcomes and team members’ satisfaction. 

This paper will argue that ICT leaders will need to become more 
emotionally intelligent to ensure that optimal expression of emotion 
is brought to bear on rational ICT decisions in groups to maximise 
productivity. 


Introduction 
For too long, professional managers have eschewed the soft skills. 
Pejorative attacks on human relations, “tree hugger”, “airy fairy” 
and “touchy feely”, were regularly heard in the dry downsizing 80s 
and “tech boom” 90s. These attacks are driven by anxiety about the 
difficulties of managing people face-to-face. 

In addition, influenced by a brilliant and ever expanding tech- 
nology, many ICT professionals have retreated into isolation and 


individual pursuit. Learning to lead and follow in teams has been 


team leaders 


“Soft skills have hard consequences” 


— Goleman 


difficult, especially as messy human beings with irrational emotions 
must be faced if synergistic outcomes are to be gained from ICT 
project teams. 

Optimal levels of emotion assist rational ICT decision making. 
Neither too much nor too little emotion is optimal. The emotional 
centres of the brain are an integral part of what it means to think, 
reason and to be intelligent. Emotion is absolutely necessary for us 
to make good decisions, take action to solve problems, cope with 
change and succeed [Caruso & Salovey 2004 flyleaf]. 

The new ICT team leader will be psychologically present, pas- 
sionate about her work and will manage her people in such a way 
that they can bring themselves to their roles. She will enable each 
team member to be maximally powerful. 


Genos El and the Swinburne research 

Professor Con Stough and Dr Ben Palmer have developed through 
extensive research of Australian executives and workers, a five-dimen- 
sional model of emotional intelligence, Genos EI. They are: 
Emotional recognition and expression (in oneself) — 

The ability to recognise one’s own feelings and emotional states, and 
the ability to express those inner feelings to others. 

Understanding of emotions external — 

The ability to identify and understand the emotions of others and 
those manifest in external stimuli (ie, workplace environments, staff 
meetings, literature, artwork etc). 


Information Age | Ocroger/Novemeer 2004 | 51 


Emotions direct cognition — 
The extent to which emotions and emotional knowledge are incor- 
porated in decision making and/or problem solving. 
Emotional management — 
The ability to manage positive and negative emotions both within 
oneself and others. 
Emotional control — 
How effectively emotional states experienced at work such as anger, 
stress, anxiety and frustration are controlled 

Each person obtains a percentile ranking on each dimension 
from the application of the Genos EI instrument (which can be taken 
online). This is not an absolute measure but places the participant 
along a continuum related to scores of a large sample of Australian 
executives or workers. 

Working with a consultant, an ICT manager can determine the 
meaning of his profile and determine whether it is appropriate for his 
context. Development plans can be created with the person. 


r 7 


replaced with “How can I bring myself to my role?” That is, “How 
can I both play my role and be myself in role?” 

There are three zones of awareness — the Outer Zone 
(everything outside me including others and the tasks we have 
to do), the Middle Zone (thinking, judging, intellectualising, 
analysing, blaming) and the Inner Zone (feelings, emotions, 
sensations). 

Unless an ICT leader expresses her feelings she will be 
mistrusted. To be present to my people, it is necessary first to 
be present to myself. I must be aware of my feelings as well as 
thoughts and the external environment. Expression of my feel- 
ings to others lets them know where I am coming from and by 
self disclosure invites reciprocal self disclosure. Increased mutual 
openness leads to trust. 


The transport engineering case study 

T administered Genos EI to the general manager, transport engi- 
neering, of a large international company. His report showed him 
at the 8th percentile on dimension | [emotional awareness and 
expression] and the 99th percentile on recognition of emotion 
in others. He could read others like a book but did not reveal 
himself to them. 


Be psychologically present! For too 
long we have been taught by our 
organisations to keep our feelings out 
of it. As if we could! 


FIVE DIMENSIONS OF El: GROUND 
RULES FOR ICT TEAM LEADERS 


1. BE AWARE OF YOUR EMOTIONS AND 
EXPRESS THEM 


Be psychologically present! For too long we have been taught by our 
organisations to keep our feelings out of it. As if we could! Valuable 
psychic energy is wasted in the attempt and reduces creative pos- 
sibilities. To be psychologically present means being aware of my 
feelings and thoughts in the moment. I am then able to bring both 
into the service of the task. 

Bring my self to the role! Recent theory (Hirschhorn 1988, 2002) 
recommends that we bring ourselves to our roles. The old Descartian 
question, “Should I play my role at work, or be myself at work?” is 


The GM had a strong engineering background with sig- 
nificant ICT components. When I explained the dimensions 
and asked him about them, he was puzzled. Yes, he was great at 
negotiating multimillion dollar contracts because he could read 
the other party’s body language with great accuracy. However, 
his own team did not trust him and were demotivated. Further 
he had a European background and claimed to be a very pas- 
sionate person. 

The penny dropped; he said: “At home I express emotions a lot; 
but at work I have learned not to express my feelings. My people 
cannot see where I am coming from and distrust me don’t they?” 
What a wonderful self-diagnosis. 

He could now decide how much to express his feelings in order 
to make better contact with his team members and build trust. 


Contactful communication, here and now 

When you and I are aware of our three zones of awareness and 
express them, we communicate contactfully, here and now. This con- 
tact releases psychic energy in the present moment. In turn, these 
energies combined produce synergy. 


52 | Information Age | Octoer/Novemeer 2004 


Case study: “I am feeling alarmed...” 

Tom, a member of an ICT organisation whose culture prohibited 
“feeling talk” and “I language”, was attending a strategy meeting 
attended by 10 people. He noticed that the meeting was dull and 
lifeless although the decisions to be made were critical to the future 
effectiveness of the organisation. Only one or two members of the 
team were speaking at the meeting. 

Tom noticed that he was becoming increasingly alarmed at the 
direction the emerging plan was taking. Taking courage, he stood up 
and said: “I feel alarmed at the emerging direction of the strategic 
plan” (and waited for the crunch). 

To his surprise, three others came to life: “We feel alarmed too.” 
With that, the whole team came to life and the strategic direction 
was radically changed. 

As they were leaving the meeting, several members approached 
Tom and said: “Thank you for speaking up. I was worried about the 
decision, but no way would I have expressed my feelings unless you 
had expressed yours. I thought I was the only one to feel this way.” 

Reason may be slave to the passions (Hume), but without passion, 
reason is bereft and sterile. Expressing feelings is a team skill, neces- 
sary for trust and openness; awareness and expression of emotion are 
necessary but not sufficient conditions for team excellence. 

The ICT team leader must become an aware expresser and lead 
the way in modelling these behaviours, encouraging others to learn 
them. 


2. RECOGNISE YOUR ICT TEAM MEMBERS’ 
EMOTIONS AND EMPATHISE WITH THEM 


H@ Empathy: Recognising others’ emotions helps ICT leaders enter 
the worlds of their followers. They feel accepted for “who they 
are, even that they are” (Hycner & Jacobs, 1995). 

H Understanding emotion in others produces trust: People feel 
understood. You do not have to agree with what they say, but 
show that you truly have listened and understood. “Seek first to 
understand, then to be understood” (Covey 1989). 

H Reduces defensiveness: ICT team members’ defensiveness is 
reduced enabling them to be psychologically present and there- 
fore release their energy for the task at hand. 

H Allows thoughts to find thinkers: The reduced anxiety in the team 
enables rational thinking. 

M Recognising emotion in others includes and acknowledges their 
worth in the team. Everyone has a deep need to be met, recog- 
nised, respected and appreciated. 

@ Leader as empathiser: ICT team leaders should be able to rec- 
ognise emotions in others. In so doing they bring EI to bear on 
the leadership role. 


3. USE YOUR FEELINGS TO INFLUENCE DECISION 
MAKING IN YOUR ICT TEAM 


H Feelings enhance rational judgment. One of the great insights 
of recent research is that optimal levels of emotion inform 
rational decision making [Nussbaum, 2001]. While it is true 
that too much emotion, like too much conflict in a team, is 


bad for group decision making, it is equally true that too /ittle 
emotion is bad, too. 

M@ They are doorways to meaning. Our emotions store hard-won 
experiences; they are results of our history and development as a 
person 

M Emotions are irrational but not meaningless. In B-School, we 
have been indoctrinated that science and rational thought are 
the only ways to truth and that passions and emotions should be 
eschewed. They can only interfere. Feelings are not meaningless 
and are well-springs of creativity. Ignore them to your cost. 

Hi Gut feel produces intuition. When team members pay attention to 
the irrational, new ideas emerge by themselves. “Lose your mind 
and come to your senses” — (Herman & Korenich, 1977.) Let 
us take rationality as far as it can go, but then let us listen to our 
guts. When we allow ourselves to become aware of our emotional 
reactions without analysis, they will inform our judgments. 

H Emotions produce synergistic outcomes for the ICT team. When 
ICT team members are freed of their intellectual shackles and 
fear of being judged incompetent or stupid, creative intuition in 
individuals and the group is released. 

H The leader as team facilitator: The successful ICT team leader 
does not lose his or her critical faculties, but suspends them occa- 
sionally, inviting emotional expression to excite team members to 
their best efforts. Brainstorming is one process which invites right 
brain activity, intuitive felt responses as well as thoughtful ones. 
Lead creativity first; critique later. 


4. MANAGE THE EMOTIONS IN INTERPERSONAL 
RELATIONS WITH YOUR ICT TEAM MEMBERS 


The leader as container: 

Mt The age of anxiety did not end in 2001 

M The downturn in the ICT industry is still having its effects 

H@ No longer can team members feel as secure as they did in 
the 1990s 

H@ Downsizing, restructuring and the general view that loyalty has 
nothing to do with the workplace, create anxiety, competitiveness 
and uncertainty. 

HM Often these factors are accompanied by increasing workloads 

churning” and 


6 


under the Newspeak of “doing more with less”, 
“work smarter not harder”. 

H@ Leaders can ignore these anxieties or manage them. They are 
often unaware that feelings of frustration, anger and resentment 
are undermining teamwork. 

M@ ‘Team leaders will need to hold the tensions of their people while 
managing their own anxieties if their team are to be optimally 
effective. They will have to be able to give hope to the ICT team 
that its primary task can be achieved under stressful conditions. 


Assertively managing conflict: 

H Conflict must be viewed as an asset! It must not be avoided, 
crushed or smoothed over 

M@ Neither aggressive nor passive, the new ICT team leader will 
invite conflict to be fully expressed so that the latent energy within 
it can be turned towards team purposes. 


Information Age | Octoser/Novemeer 2004 | 53 


@ The EI team leader will need a range of assertive skills which 
respect the rights of all parties in order to manage interpersonal 
conflict and produce Win-Win outcomes. 


Facilitate the storming stage of group development; 

teams grow through five stages of group development 

[Tyson, 1998]: 

@ Forming (inclusion and acceptance) 

M@ Storming (conflict and control) 

@ Norming (cohesion and conformity [groupthink]) 

H@ Performing (team work and achievement) 

@ Adjourning (separating and celebration at the end of the ICT 
project). 


ICT team leaders must adapt their management styles to 
each stage of group development. Each requires emotional 


Case study: Team building with the partners of 
International Consultants 

I was invited to conduct a two-day training program in interpersonal 
and team skills for IC. IC specialised in process re-engineering, organi- 
sation development and systems change involving ICT: The managing 
director wanted the program to be conducted with the 10 local partners. 
Unknown to me, they saw it as a team development workshop. At the 
end of the first day one partner said at dinner, “Why don’t you open it 
up to what we want to do tomorrow?” Naively, I took the bait. 

Next day, I opened the forum with the partner’s suggestion. It 
was agreed to create an agenda there and then. I went to the flip 
charts and began to write their suggestions which flowed readily. As 
time went on, I noticed I was feeling increasingly full in the stomach 
and commented on this in passing. 

Half an hour passed and I now felt both full and worried. I was 
doing almost all of the work and we were getting nowhere. This 
could go on all day... 

I hypothesised that I was “filling up” with their projections, 
including their split off ability to lead. 

I decided to quietly walk off-stage, sat behind the group and said, 


Expressing feelings is a team skill, 
necessary for trust and openness; 
awareness and expression of emotion 
are necessary but not sufficient 
conditions for team excellence 


management so that the social or maintenance needs of the 
team are met. Only when people’s needs for inclusion, safety, 
influence, belonging, acceptance and respect are met can they 
get on with the task. It is critical that ICT team leaders have 
highly developed interpersonal skills as well as knowledge of 
their domains. 


Treating feelings as data about the team 

H Projection: The team members unconsciously split off their 
feelings and project them into the leader. The EI leader 
becomes aware of his or her emotions and recognises that they 
are not all his or hers. They treat their own affective states 
[feelings] as data about how their followers might be feeling 
and check it out. 

@ Metabolising emotion: By not “acting out” difficult feelings, but 
containing them, anxiety and anger can be turned into hope and 
team effectiveness 


“T think I am doing all the work. This is your problem; I am not speak- 
ing for the next 30 minutes.” My anxiety went up. Could I do this? 

One or two questions were directed to me. “What do you want 
us to do?” I did not answer. One partner said: “He’s not going to 
answer you know.” 

They solved the problem in the next 10 minutes. 

By becoming aware of my own feelings, I treated them as data 
about the group. By controlling and containing them, I was able 
to choose an effective course of action which returned leadership 
authority to the partners. [In this case all five dimensions of Genos 
EI were at play!] 

The Leader as Healer: The ICT team leader who pays attention 
to the heart as well as to task issues will be more effective. 


5. APPROPRIATELY CONTROL YOUR OWN 
EMOTIONS AS ICT TEAM LEADER: 


Control your own emotions when you are severely anxious: 
H@ Uncontrolled emotion is ineffective 
CO Aggressive emotional outbursts can frighten people or 
ignite hostility 


54 | Information Age | October/Novemper 2004 


LC] Denying, avoiding or deflecting strategies do not work 
either 
H@ Over-controlled emotion can be ineffective 

Air Traffic Control team leaders are high on EC: They can keep 
calm while aware of their own feelings and those of their followers. 
They consequently can manage their and others’ emotion and act 
constructively in times of crisis. 

Change irrational thinking in order to reduce your anxiety: Since 
our thoughts affect the way we feel, changing thoughts that cause 
anxiety can reduce it to manageable levels. 

Reduce catastrophic thinking: If you can learn to become aware 
of thoughts and beliefs that are catastrophic, and alter them for more 
realistic beliefs, then emotions can be controlled and effective action 
can be taken. 

Maintain appropriate levels of emotion to enhance performance: 
Again, it is optimal levels of emotion, not absence of emotion that 
is the desired state. No emotion can be a symptom of being out of 
control, too detached from the tasks and the people who have to do 
them; psychological absence. 

Stay aware of your emotions: Another powerful means of 
controlling emotion is simply to stay aware of them. Go deeper 
in. Accentuate them. The paradoxical theory of change entails 
that by becoming aware of what is the case, change automatically 
occurs by itself. ‘Planned change never ever functions . . . [Perls, 
1969]. 

Anxiety is suppressed excitement. By staying aware of my 
feelings [Dimension 1] I will often find what is behind them. 
One feeling changes into another as I pay attention to it. Anxiety 
becomes excitement, excitement becomes an idea, the idea sug- 
gests a thought, the thought entails action, action leads to team 
effectiveness. Leaders of ICT teams will respect their own feel- 
ings, especially when they feel out of control. They will contain 
them but not ignore them so that they will act effectively rather 
than fight or flee. 


Conclusion 

I am arguing that increasing competence in the five dimensions 
of Genos EI will enable ICT teams to be much more effective. 
Both followers and leaders need to be EI to maximise value. 

I am not arguing that El is all there is to it. On the contrary I 
believe that rational task process skills and knowledge are as valu- 
able and necessary now as they have ever been. I do not advocate 
the denial of business and strategic planning, decision making, goal 
setting, problem analysis, potential problem analysis, world’s best 
practice, KPIs and the formulating of purpose, mission and vision 
statements. 

I argue that the factor of production which is under-utilised is 


Emotional Intelligence. It complements rational judgment and other | 
management processes. Goleman [1998b] claims that EI has twice the | 
effect on leadership than IQ. Both are necessary. All of those who must | 


get their work done with and through others (ICT project team lead- 
ers, consultants, salespeople, software architects, programmers, opera- 
tions managers, systems designers, suppliers and customers) must pay 
attention to their level of EI in order to leverage the human potential 
of individual people, teams and the organisation as a whole. 


Information and Communications Technology needs emotion- 
ally intelligent team leaders, for soft skills have hard consequences 


(Goleman). 


References 

Batros, John G. 2002 ‘Emotional Intelligence: The intelligence of 
emotion’, Local Government Manager, October/November, p 8 
Caruso, David R. & Salovey, Peter 2004 The Emotionally Intelligent 
Manager San Francisco: Jossey-Bass 

Covey, Stephen 1989 The Seven Habits of Highly Effective People NY: 
Simon & Schuster 

Goleman, Daniel 1996 Emotional Intelligence — Why it can matter 
more than IQ Bloomsbury: London 

Goleman, Daniel 1998a Working With Emotional Intelligence 
Bloomsbury: London 

Goleman, Daniel 1998b ‘What Makes a Leader?’ Harvard Business 
Review Nov-Dec, p93 

Goleman, Daniel 2000, 2004 ‘Leadership That Gets Results’ Har- 
vard Business Review Mar-Apr p80 and January 2004 [reprinted] 
Goleman, D., Boyatzis, R. & McKee, A. 2002 The New Leaders 
— Transforming the Art of Leadership into the Science of Results Little, 
Brown: London 

Herman, Stanley M. & Korenich, Michael 1977 Authentic 
Management: A Gestalt Orientation to Organisations and Their 
Development Reading Massachusetts: Addison-Wesley 
Hirschhorn, Larry 1988 The Workplace Within Cambridge, 
Massachusetts: The MIT Press 

Hirschhorn, Larry 2002 Managing in the New Team Environment 
USA: Author’s Choice Press 

Hycner, Rich and Jacobs, Lynne 1995 The Healing Relationship in 
Gestalt Therapy NY: Gestalt Journal Press 

Nussbaum, Martha 2001 Upheavals of Thought — The Intelligence of 
Emotions Cambridge University Press: Cambridge & New York 
Stough, Con &Palmer, Ben 2002 Genos Emotional Intelligence: 
Accreditation Manual Genos Pty Ltd 

Tyson, Trevor 1998 Working With Groups 2nd edn South Yarra: 
Macmillan 


Jobn Batros is a “pracademic”. He lectures on leading teams in the 
Australian Graduate School of Entrepreneurship at Swinburne and is 
an organisation development consultant specialising in emotional intel- 
ligence, team development and process facilitation. Formerly with Shell 
and BHP, he has qualifications in education, science, philosophy and 
Gestalt therapy. His vision is to help people to bring themselves fully 
to their ICT roles. 

He is MD of Eudaemonia HR Consultants. eadaemonia@bigpond. 
com 

This paper was delivered at the ACS National Conference, Mel- 
bourne, September 2004. 


John Barros will facilitate a two-day workshop called “Successful ; 


and Productive Teamwork” for the Victorian branch of the ACS © 
on October nd. 28. Details at acsvic.com 


Information Age | October/Novemeer 2004 | 55 


Holistic education 
essential 


- toa degree 


By Beverley Head 


A third of the skills nominated as essential 
in current ICT job advertisements are 
interpersonal, non-technical skills 


THIS STATISTIC, unearthed by the most 
recent ICT Skills Snapshot, suggests that even 
a first class honours degree in computing may 
not be enough to land you a job, if you can’t 
communicate, or display an ability to work as a 
member of a team. As the Snapshot reveals: “As 
the demand data has shown, interpersonal skills 
(particularly communication skills) are manda- 
tory; so graduates from a technically focused 
course may find it more difficult to find a job.” 

For the universities, this adds a further 
layer of difficulty in terms of keeping up 
with the requirements placed on graduates 
by employers. Already pressured to give 
students a good grounding in theory, while 
exposing them to current marketplace tools 
and techniques — they are now going to 
have to equip them to work as effective team 
members and communicators as well. 

Brian Donovan is the chief executive 
officer of the IT Skills Hub which prepares 
the Snapshot, and he believes that one of 
the real pressure points now being faced by 
the tertiary education sector is “around the 
area of business skills and interpersonal skills. 
Employers now want people who bring busi- 
ness and technologies together. What we need 
is a reflection of that in the curriculums.” 

While Donovan says that there are some 
emerging examples (for example at Swinburne 
University of Technology, University of Tech- 
nology Sydney and Monash) of courses which 
combine technical content with development 
of interpersonal skills, “it is still patchy and we 
need a more concerted effort. 


“Industry is feeling the pinch and they 
need people to be more versatile,” he notes. 

Universities already grapple to balance 
education and training. They know they need 
to provide students with a good grounding in 
theory and principles, and interlace that with 
practical exposure to current tools and tech- 
nology. At the same time they understand that 
the traditional eight-year cycle of curriculum 
refresh is too slow for ICT courses, and so 
need to tinker continually with content and 
tools to ensure that each intake of students is 
studying the most relevant content possible. 

The reasoning behind their attempts to 
balance theoretical grounding and practical 
exposure to current generation tools is sound: 
an undergraduate exposed only to the theory 
probably won’t be much use to an employer 
for some time — where one exposed only 
to current tools will quickly find themselves 
outdated and hard pressed to find work. A 
mix of both is the best approach. 

Alice Watkins, director of industry liaison 
at the Faculty of Information Technology at 
UTS, confirms that “the goal of a perfect match 
between industry needs and what education and 
training are able to provide at any point in time 
is an elusive one. There is a time lag between 
recognising the technology skills needed, devel- 
oping and marketing appropriate courses and 
then completing the training of the students.” 

Elusive as the goal may be, it is still being 
sought in our tertiary institutions. 

As the Skills Snapshot notes, Victoria is 
the largest source of ICT university enrol- 


ments in Australia with around 35 per cent 
of the total Australian population of students. 
(In 2003 77,004 students were enrolled in 
tertiary ICT courses in Australian univer- 
sities). Among Victoria’s ICT institutions, 
Monash stands out, being one of the largest 
such faculties in the world. 

Professor Ron Weber, dean of the faculty 
of IT at Monash, is attempting to address the 
speed at which curricula change by implement- 
ing incremental changes throughout a course’s 
life, making it more relevant with each small 
change without sacrificing long-term quality. 
He says that besides balancing theory and prac- 
tice, the university is also attempting to ensure 
students get valuable exposure to real-life situa- 
tions which will provide them with those much 
sought after interpersonal skills. 

“One degree is the Bachelor of Business 
Systems which has an industry-based learn- 
ing component,” says Weber. Far more rig- 
orous than the old sandwich style degrees 
where a student was sent out into industry to 
flounder on their own for six or 12 months 
before returning to the university fold, the 
industry-based learning components feature 
very directed learning which is closely moni- 
tored by the university, says Weber. 

He acknowledges that such a component 
is not available to each student, but says that by 
harnessing techniques such as project or studio 
classes, every student gets the opportunity to 
work in teams and learn interpersonal skills. 

“One of the foci we have in terms of 
industry-based learning is that parts of the 


56 | Information Age | Octoser/Novemser 2004 


course depend on teamwork, and teach stu- 
dents how to endure the frustrations of such 
teamwork,” he says. Such experience better 
prepares graduates for real-world situations. 

Something similar is in train at UTS 
where students undertake a full-time practi- 
cal workplace experience for up to a year of 
their degree course. Says Alice Watkins: “The 
UTSIT degree programs have also established 
strong links with industry to ensure that as far 
as possible teaching is relevant to contempo- 
rary needs. Students therefore graduate with 
the capacity for longer-term high-level devel- 
opment as well as with some relevant work- 
ready skills and experience.” 

Watkins also points to the strong demand 
for career professionals who will rise through 
the ranks of the industry and the value that 
a university education can confer on them. 
“These professionals need to understand 
how the big picture hangs together and to 
be able to drive it forward. To do this they 


also need skills including communication, 
problem solving, project management and 
critical analysis which are all developed in a 
university education.” 

Michel Hedley, national manager of IT 
workforce policy for the Australian Infor- 
mation Industry Association, confirms this 
trend emerging in universities to incorpo- 
rate many more business skills into their ICT 
curricula. “They are introducing teamwork 
and personal research and communications 
skills so that it is more of an IT professional 
that emerges,” he notes. 

At the same time the osmosis of IT skills 
into many other disciplines means that gradu- 
ates with significant IT skills are emerging 
from marketing or commerce faculties, he 
says. And a new associate degree which is due 
to be piloted with overseas students at TAFE 
in NSW next year may also give university stu- 
dents a run for their money in the jobs stakes. 


While the Hub’s Donovan acknowledges 


that in the current climate there is possibly 
a small oversupply of ICT personnel, there 
are still difficulties finding people with par- 
ticular skills. He nominates IT security and 
IT risk management as particular points of 
industrial pain being only slowly addressed 
by universities. Donovan says that in the case 
of IT risk management he is aware of only a 
single course — a Masters at the University 
of Southern Queensland. Next year of course 
there could be dozens of other courses, but 
by then demand may also have moved on. 

But whatever the current fad, Alice Wat- 
kins remains adamant that a holistic approach to 
education be maintained. “What is important 
for the IT industry as a whole is that a healthy 
balance exists between short-term skills training 
and longer term education,” she says. @> 


Beverley Head is a journalist who has been 
writing about the business of information technol- 
ogy for the last 20 years. 


2CCP 


Pew 


If you update your details now by logging 
onto the ACS Members Only website, 
you could win a bottle of Grange! 


Visit http://members.acs.org.au for 
details on how you can win this delicious 
prize! 


Terms and conditions apply. This entry excludes 
residents of the Northern Territory and those 
residing outside Australia. 


ACS045 


Information Age | Octoer/Novemeer 2004 | 57 


(ogee 
TRANSPOR I” 


TRANSPORTATION is undergoing a 
quiet revolution in its quest for enhanced 
safety, security and efficiency in the carriage 
of people and goods, both in the services 
offered and in the infrastructure, vehicles 
and, most of all, the information and control 
systems that make it all work. 

Challenges for ICT professionals abound 
in ITS: everything from business process 
modelling and information architecture to 
verification of the non-functional require- 
ments for distributed system performance 
and availability. Perhaps the most important 
challenge is to attract ICT professionals to 
the throng of transport planners, civil and 
electrical engineers, and equipment suppliers 


By Chris Skinner 


and integrators to add value in the logical 
modelling and design and delivery of infor- 
mation and deployment architectures for 
ITS. 

So far, the track record of ITS deploy- 
ment has been mixed, the result of many fac- 
tors including uncertainty regarding benefits 
to be obtained. Some ITS projects have been 
manifestly successful while the user benefits 
of others are not as clear. The challenge now 
is to resolve the difficulties experienced in 
defining the required services, their benefits, 
the issues for integration and interoperability, 
and providing effective strategic approaches 
to deal with these issues effectively. 

Most people are aware of the colonial 


Future 


The term Intelligent 
Transport Systems (ITS) 

was coined a decade ago 
but is only now coming to be 
widely seen as the next big 
thing after internetworking, 
wireless telecommunications 
and e-commerce 


legacy of three different rail gauges in Aus- 
tralia. This classic failure to collaborate 
seemed about to be repeated with incom- 
patible smart ticketing systems for public 
transport in some of the states. Luckily 
the approach being taken by the Victorian 
Transport Ticketing Authority is intended 
to ensure a compatible approach from all 
system vendors, and provide a compatible 
solution nation-wide. 

A similar risk of incompatibility of elec- 
tronic toll tags was averted only by over- 
whelming pressure from state governments 
and their industry partners to ensure inter- 
operability and compatibility of electronic 
toll tags.' Whilst tags now work along the 


58 | Information Age | Octoper/Novemser 2004 


eastern seaboard, further interoperability 
challenges still exist in tolling in areas such as 
enforcement and payments reconciliation.” 

The rail network has continuing chal- 
lenges of train control radio systems which 
have been provided independently in each 
jurisdiction. These cases underline the nature 
of the standardisation and interoperability 
challenges in practical transport systems. 

The active involvement of ICT profes- 
sionals to deal with the technical solutions 
needed to make the systems and standards 
compatible and interoperable has been 
slow. 


Truckies hit the road with new information 


The difference is that ITS is primarily 
about interoperability of information and 
control systems and services using message 
formats that in the past have been peculiar 
to the application; supply chain is about 
interoperability of business processes using 
traditional well-understood transactions. 
However there is now increasing realisa- 
tion that the two domains must interoperate 
effectively and more common approaches 
found. 

It may be significant that the supply 
chain has been intimately associated with 
the development of Web services technol- 
ogy, whereas ITS has not yet adopted it, 
pending confirmation of the 
security and reliability for ITS 
applications. 


So what are ITS? 
Intelligent Transport Sys- 
tems [ITS] are transport sys- 
tems that apply information, 
communications and control 
technologies to improve the 
operation of transport net- 
works.° It should be immedi- 
ately apparent that this makes 
ITS a fundamental concern for 
ICT professionals. 


In the supply chain 
Much work is going on in the supply chain 
to streamline business processes and lower 
costs. This is proceeding alongside ITS 
development but a dialogue to identify ben- 
efits of collaboration in the complementary 
activity is only just starting. ITS and supply 
chain logistics and distribution are in two 
parallel worlds; they recognise each other's 
legitimate role but have not yet learned to 
work well together. 

In many respects the focus is very dif- 
ferent, as illustrated by these definitions of 
interoperability from the two domains: 

H ITS interoperability: the ability of systems 
to provide services to and accept services 
from other systems and to use the services 
so exchanged to enable them to operate 
effectively together. 

HB Supply chain interoperability: the ability 
for partners to coordinate information 
and processes, especially across an elec- 
tronic network. 


Familiar examples of ITS 
include: 

H ‘Taxi dispatch and vehicle tracking using 
GPS 

H Urban traffic management systems such 
as SCATS® 

@ Emergency vehicle pre-emption and pub- 
lic transport priority systems 

H@ ‘Traffic incident (accident) management 
systems for motorways and major arterial 
routes 

Hi In-vehicle systems such as car navigation, 
especially when coordinated with traffic 
incident and congestion reporting sys- 
tems 

H Train control systems for optimum track 
safety and efficiency 

Other systems generally included in the ITS 

domain include the following: 

H@ Traveller information systems such as the 
511 service in the US 

@ Freight container track and trace sys- 
tems 

@ Car air-bag activation and roll-over crash 
distress call services 


# Commercial vehicle compliance and fleet 
management systems 

H@ Adaptive speed control for vehicles for 
motorway safety 

H@ Collision avoidance detection systems for 
vehicles 

H Use of smart cards for toll and other fee 
collection at highway speeds 

M@ Head-up displays for better vehicle driver 
support 

Then there are the futuristic ITS systems 

that will emerge over the next five to 10 

years: 

@ Automated driving systems for instru- 
mented highways 

M@ In-vehicle support platform for multi- 
media information and entertainment 
services 

A major challenge for this rapidly devel- 
oping field is to try to avoid incompatibili- 
ties between ITS systems and services, and 
to enhance safety, security and efficiency of 
transportation systems without compromise 
to privacy of information or to the integrity 
of the systems involved. 

Worldwide there has been much activ- 
ity to define a top-level architecture for ITS 
in order to support interoperability and to 
provide a basis for evolution of systems and 
services. This effort has been instrumental in 
achieving some benefits already: 

@ In the US a common notation has been 
mandated for ITS architectures cover- 
ing each of the states and regions. This 
National ITS Systems Architecture 
resulted from massive investment over 
several years and has provided a mature 
basis for national deployment. 

@ A common approach is in use through 
most of continental Europe for inter- 
national systems integration. This has 
resulted from EU sponsored work pri- 
marily intended to harmonise differing 
national approaches. 

@ A holistic approach in Japan provides for 
effective coordination between national, 
regional and local government and pri- 
vate service providers. In some respects 
it is the most developed. 


What is the situation in Australia? 

There are several institutes and centres of 
academic research and development for ITS 
in Australia and a major industry body, ITS 
Australia. ITS Australia is a not-for-profit 


Information Age | OctoBer/NovemBer 2004 | 59 


Point me in the right direction; route planning the fast way 


industry organisation which draws together 
suppliers of ITS systems, researchers, gov- 
ernment and users such as infrastructure 
operators and vehicle manufacturers. 

It was incorporated in 1992, around the 
time that ITS was first being discussed, and 
has provided increasing levels of leadership 
for federal, state and territory governments, 
research and development and industry. In 
1999 ITS Australia was charged with imple- 
menting the three-year national strategy 
for ITS program, e-Transport including 
the development of the National Reference 
Architecture for ITS (available to download 
from www.its-australia.com.au). 

The next stage of development is the 
development and publishing of the logical 
ITS architecture to provide an abstract view 
of the interconnectivity and interoperability 
of the many systems in use. One of the chal- 
lenges of this work is to find and use tools 
which are able to describe and add meaning 
to the often complex relationships without 
overgeneralisation and ambiguity. Some 
contemporary approaches include the use of 
Unified Modelling Language (UML). 

Although this has the potential to pro- 
vide greater precision when dealing with 
abstract concepts, there needs to be available 


other descriptions that can readily be used by 
people who prefer a less technical approach. 
Transport people are not accustomed to 
working with abstraction beyond the tradi- 
tional concepts of services and routes. 

The creation of new abstract concepts 
like itinerary or freight manifest is com- 
monly interpreted in terms of existing arti- 
facts rather than as concepts that can be 
specialised for individual applications. This 
is a crucial step because otherwise every sys- 
tem development will need to work through 
the same concepts. 

Another critical approach for architec- 
ture development is the use of a data registry 
for collection and harmonisation of data con- 
cepts from projects for use in later projects. 
The Australian standards committee IT-023 
for Transport Information & Control Sys- 
tems has recently supported the publication 
of an Australiag standard for an ITS central 
Data Registry.’ This re-badged ISO stand- 
ard provides the basis for operation of the 
Australasian ITS Data Registry [ANZIDAR] 


that is nearing completion. 


How does ICT affect transport? 
Changes in ICT affect transport just as much 
as any other sector, sometimes more so. 


The ubiquity of wireless data communica- 
tions is generating a profound impact on all 
forms of transport. For freight transport and 
distribution the use of RFID tags for freight 
items and AVL technologies for vehicles, 
along with geographic information systems 
to track and trace goods and to assist pas- 
senger travel, is giving rise to fundamental 
changes in how things are done and the level 
of service that is required. 

This technology evolution takes many 
forms — contact-less smart card tickets for 
urban travellers, distress calls for stranded 
vehicles, delivery fleet dispatching, time- 
critical responses by emergency services or 
TXT message for airline check-in for flights. 
What is not so clear though is what effort 
is being put into optimising the interoper- 
ability of all of these technologies. This is 
where standards can assist greatly. So too 
an architecture that is conceptual enough to 
accommodate all of these various services in 
a generic form so that standards and seman- 
tics for the interfaces and applications can 
be reconciled. 


What needs to be done by ICT 
professionals? 

ICT professional activity includes both the 
creation and exploitation of knowledge and 
practice related to all forms of ICT. With 
transportation becoming more and more 
dependent on ICT design and integration 
for the sustained delivery of benefits, it 
requires that its special needs are addressed 
by the peak bodies — AIIA, AEEMA, ATUG 
and ACS. The transport sector should be 
engaged by the ICT profession to resolve 
issues and add value. 

This requires imagination and vision. 
For example, imagine the following scenario 
a few years hence: 

1. Every vehicle has a built-in, sealed black- 

box immobiliser that prevents the vehicle 

from operating unless specified conditions 

are met: 

B The vehicle has a valid RFID registration 
tag built into the rear number plate 

@ The driver has a contact-less personal 
card that includes a valid driver’s licence 
object 

B The immobiliser checks that the driv- 
er’s licence object is on the list of drivers 
authorised by the owner of the vehicle 

@ If security is a concern then the driver 


60 | Information Age | Octoser/Novemser 2004 


can be recognised by a biometrics 
check of iris using the driver monitor- 
ing cameras. These are used to monitor 
the driver for the onset of drowsiness 
and are a normal feature of vehicles like 
airbags are today 
2. The personal device that everyone car- 
ries provides voice, data and multimedia 
networking using available wireless services. 
When in a vehicle this is expanded seam- 
lessly to provide a greater range of services 
and resources that are carried or supplied by 
the vehicle. For example, interacting with 
traffic incident and congestion reporting 
services to guide the vehicle navigation, in 
public transport to make reservations and 
travel enquiries or to use Web-based service 
delivery using a shared broadband feed to 
the vehicle. 
3. The availability of broadcast, multicast 
and addressed individual interaction with 
people or devices no matter where they are, 
in a seamless fashion, that deals with the con- 
nectivity issues as a part of the service.* 
4. For transport traveller services it will only 
be necessary to input (probably by voice) a 
destination and approximate time of arrival 
for the personal device to research the 
options available using wireless internet- 
working, and offer them for selection. Then 
reservations will be made and confirmed, 
payments billed and settled and journeys 
undertaken all with an interoperable travel- 
ler information service delivered seamlessly 
to the personal device. 

But how flexible will this integrated trav- 
eller environment need to be? We know that 
sometimes with in-vehicle navigation sys- 
tems we choose to take a different turn. The 
friendly voice cheerfully adjusts and provides 
new directions without any hint of concern. 
It will be the same with the integrated travel- 
ler environment. You can always change your 
plans and the system will cheerfully adjust. 

But it won’t just happen by itself; it needs 
the management and leadership of ICT pro- 
fessionals to ensure it does work — safely, 
securely and efficiently — so we don’t end up 
with the 21st century equivalent of multiple 
rail gauges. 

This leadership has been evident in 
successful standardisation efforts such as 
electronic toll tags and in other emerging 
collaboration for compatibility, connectiv- 
ity and interoperability. What is needed 


now is to articulate generalised principles 
for achievement of interoperability in ITS. 
ICT professionals have addressed this kind 
of challenge in banking, funds transfer and 
airline reservations. Now this capability is 
needed in transportation. 


Conclusions 

1. ITS is a growing area of ICT application 

that is critical to achievement of two high- 

priority national goals: 

M@ The more effective use of existing, as 
well as new, transportation infrastruc- 
ture through effective application of new 
technologies;? 

M@ The efficient use of energy sources for 
transportation. 

2. The design, development and delivery 

of ITS require the involvement of ICT 

professionals to work with transport policy 
and planning, ITS professionals and surface 
vehicle developers and operators. 

3. Where ICT professionals can help most 

is in the conceptual design and development 

of information and communications systems 
to meet ITS requirements to the full extent 
of their potential. 

So if you believe as I do that it is in trans- 
port that the most dramatic innovations in 
ICT are likely to occur, you will agree that 
its future requires our full attention. 


Bibliography 

AS ISO International Standards 
142857-2004 Organisation. Transport 
information & control 
systems — Requirements 
for an ITS/TICS central 
Data Registry and 
ITS/TICS Data 
Dictionaries. Standards 
Australia. 30 June 2004 
Dept of Transport and 
Regional Services. AusLink 
White Paper. AusLink 
Building our National 
Transport Future. Australian 
Government. June 2004 
McQueen, Bob & Judy 
McQueen. Intelligent 
‘Transportation 
Architectures. Artech 
House, Boston 1999 
Chen, Ken & John 

C. Miles (Eds) ITS 


AusLink 


McQueen 


PIARC 


Handbook 2000. 
Recommendations from 

the World Road Association 
(PIARC). Artech House, 
Boston 1999 


Acknowledgement 

I would like to acknowledge the helpful 
comments and suggestions from the Execu- 
tive Director of ITS Australia, Brent Staf- 
ford, and from members of the National 
ITS Architecture Working Group: Andrew 
Honan, Fiona Howroyd, Graham Lill and 
Joe Wisolith. 


Chris Skinner is the principal of DISplay Pty 
Ltd. Contact bim via cjskinner@acslink.net.au 


Footnotes 

| This outcome was achieved through 
ground-breaking work by the standards 
committee IT-023-05 to produce Austral- 
ian standard AS 4962(Int)-2001 Electronic 
toll collection — Transaction specification 
for Australian interoperability on the DSRC 
link 

2ITS Australia (National Electronic Toll 
Committee), Standards Australia (IT-023-05) 
and the ‘MOU Group’ of toll road operators 
are working collaboratively to achieve clo- 
sure in the area. 

3 ISO TC204 document N271 quoted in 
McQueen, Bob & Judy McQueen. Intel- 
ligent Transport Systems Architectures. 
Artech House. 1999 

4 Australian Logistics Council. An eBusiness 
Interoperability Framework. DRAFT 23 
Dec 2002 

5 ITS Handbook 2000. Recommendations 
from the World Road Association (PIARC). 
Artech House. 1999 p xvii 

6 Sydney Coordinated Adaptive Traffic Sys- 
tem developed by the Roads and Traffic 
Authority of NSW and used in most major 
cities in Australia and some 80 cities world- 
wide 

7AS ISO 14817 Transport information and 
control systems — Requirements for an ITS/ 
TICS central Data Registry and ITS/TICS 
Data Dictionaries 

8 This will still provide for people making 
themselves unavailable for periods when they 
need rest or to avoid interruptions. Their e- 
mail will all be there when they want it. 

9 AusLink White Paper page 68 


Information Age | October/NovemBer 2004 | 61 


By Dennis Furini 
CEO, Australian Computer Society 


New Membership 


categories Swell ranks 


IT’S BEEN a busy couple of months for the 
ACS, with our National Conference in Mel- 
bourne, the start of our first TV advertising 
campaign, and a range of activities in the 
lead-up to the federal election. 

I’ve spoken to several members who 
attended the National Conference and all 
agree that it was an outstanding event with a 
very high standard of speakers and content. 

The line-up included several high-pro- 
file keynote speakers, including former ALP 
President and author Barry Jones, who drew 
on his experience in politics and elsewhere to 
provide an interesting perspective on ICT 
developments; Irish Web content guru Gerry 
McGovern, who also conducted workshops 
around the current Education Across the 
Nation series (and whose views are featured 
in a separate article in this issue); respected 
researcher Professor Michael Myers of 
Auckland University; and Microsoft secu- 
rity expert Ben English, who offered valuable 
insights into new technology directions. 

For the first time, we also had a number 
of ICT suppliers exhibiting their products, 
which provided additional input and interest 
for delegates. 

Associated events like the ACS Confer- 
ence Dinner, which featured the presentation 
of the Victorian Pearcey Award, were also 
extremely successful, and it was wonderful 
to see our Young IT members and student 
members playing an active role there. 

Planning is already under way for the 
2005 ACS National Conference, which will 
be staged in conjunction with SEARCC 
2005, the annual conference of the South 
East Asian Regional Computer Confedera- 
tion, of which the ACS is a member society. 

This combined event, which is expected 
to attract hundreds of delegates from across 
South East Asia, will occur on October 20- 
22, 2005 in Sydney, with the theme Business 
Process Outsourcing and Emerging Technologies. 


The ACS last hosted the SEARCC Con- 
ference in 1998, when a large, international 
event was staged in Darwin. A national con- 
ference committee for SEARCC 2005 has 
been established under the leadership of ACS 
immediate past president Richard Hogg, and 
arrangements are well under way. 

A formal call for papers will be issued 
early next year, and ACS members who are 
prominent in their fields are encouraged 
to consider submitting papers for consid- 
eration. The conference will also include 
streams focusing on pervasive computing, 
and computers in sport. 

As I write this, our first television adver- 
tisements have gone to air on Channel 7, 
attracting a good response from potential 


enjoyable evening with first-rate food, some 
very talented young entertainers and a festive 
atmosphere, along with the opportunity to 
bid on some wonderful auction items to help 
raise funds for the ACS Foundation. 

This year’s ball sets sail under the theme 
of the “Love Boat” and will again be hosted 
by industry identity Mark Hollands, who 
plays the role of Captain Merrill Stubing. 

If you haven’t yet organised your tickets, 
please call (02) 9299 3666 — you don’t want 
to miss this one. 

I know that most of you are well aware of 
the success we’ve been enjoying in the media 
of late, with the ACS achieving a 75 per cent 
share of voice amongst all the ICT associa- 
tions and industry bodies. 


The ACS has also created new opportunities for 
professionals qualified in disciplines other than ICT 


new members. The ads will also appear 
nationally on Sky TV and on Qantas in- 
flight entertainment. 

They are designed both to raise aware- 
ness of ICT as a profession as well as encour- 
aging ICT professionals to consider joining 
the ACS and raise their professional status. 

The ACS has also created new opportu- 
nities for professionals qualified in disciplines 
other than ICT, but who have a professional 
involvement in ICT, to join the Society as 
Companion members. 

This new membership grade is now open 
to ICT-focused professionals such as lawyers, 
accountants, teachers and others who would 
not previously have qualified for ACS mem- 
bership. More information is available on the 
ACS Web site at.acs.org.au 

The 2004 Smart Sparks Ball is being 
held at the Shangri-la Hotel in Sydney on 
Saturday, October 23. This is always a very 


This furthers our cause not only in Can- 
berra where we now have a much higher pro- 
file, but also in the other states and territories 
where our relationships with the various gov- 
ernments are closer than ever before. 

Our President has recently held very 
productive meetings with the relevant min- 
isters in Queensland, NSW and Victoria, as 
well as with both sides of the Federal Gov- 
ernment. 

Finally, another new initiative we’re 
introducing for members is ACSLearn, an 
online resource offering brief definitions 
and explanations of a wide range of technical 
topics relevant to today’s ICT professionals, 
with links to more in-depth information. 

A prototype of ACSLearn is available 
at .acs.openlab.net.au and I encourage all of 
you to visit the site and provide feedback to 
assist us in tailoring this new service to best 
meet your needs. @ 


G2 | Information Age | Octoser/NovemBer 2004 


PROFILE 


Better 


information for 
better business 


His three careers in IT in industry, as an academic 


and as an entrepreneur have shared a single goal: to 
manage information to optimise the business process 


WHEN CYRIL BROOKES became the founding 
professor of information systems at the Uni- 
versity of NSW in 1974, he brought a new 
covenant to the faculty’s philosophy: infor- 
mation technology students would learn how 
to create new ways to optimise business, not 
just to develop new technology. 


for iron and steel production on emerging 
micro-processing technologies at BHP’s 
research laboratories in Newcastle brought 
the then recently-qualified Dr Brookes into 
a communion with commercial imperatives 
that would underpin his working life. 

“We did a lot of very good work mainly 
in the area of production control and plan- 
ning, merging information technology into 
production processing using what used to be 


computer-based production systems, the 
work spawned an abiding professional 
focus on the management and application 
of formal and tacit data which would later 
result in his establishing grapeVINE and BI 
Pathfinder as highly successful commercial 
enterprises. 

By the time he’d taken charge of BHP’s 
entire IT empire in 1971 at its Melbourne 
head office with a staff of more than 1000 


“Basically, my interest has always been in trying 

to raise the efficiency of management professionals, 
to make them more effective, through the 
information systems supporting them” 


“We were oriented towards business 
aspects and applications whereas other IT 
faculties were more oriented towards com- 
puter science for its own sake,” he says. 

This mind-set had evolved in a decade 
with BHP after gaining a BE (Electrical 
Engineering) with first class honours at Syd- 
ney University in 1962, later a Masters and 
then a PhD from Oxford for his thesis on 
“Adaptive Control Systems” in 1964. 

Pioneering work in developing produc- 
tion planning and process control systems 


called industrial engineering research, and 
at the same time building databases of com- 
mercial applications and then merging the 
two together so that the production-oriented 
stuff used the same data and shared the same 
systems.” 

A move to the Big Australian’s Port 
Kembla steelworks as its data processing 
manager in 1968 saw him as BHP’s first 
executive to combine the management 
responsibilities of commercial data process- 
ing, management science applications and 
process automation. 

Directly involved as well in the design 
of some of the world’s most advanced 


and six satellite computer installations, he’d 
reached the top of Australia’s private sector 
information management tree. 

“They were heady days with the IT man- 
ager as something of a high priest — noth- 
ing happened without their saying ‘go for it’ 
but that’s all changed now that everyone’s an 
expert.” 

Stepping into an academic post brought 
little financial hardship: “Academic salaries 
were at about the same level as the high end 
of the commercial sector — it’s changed a 
lot since.” 

The UNSW IT faculty grew to be one 
of the largest in Australia with 30 academics 


Information Age | Octoper/NovemBer 2004 | 63 


PROFILE 


and 1000 students during his tenure, and has 
kept growing. 

His practical experience and professional 
determination to reinforce technological 
convergence with business and government, 
particularly in information management, 
supported the university’s drive into coop- 
erative schemes with industry under which 
students would spend a year gaining work- 
place experience. 

“I believe we were one of the first to 
introduce the concept, and it still operates 
successfully at UNSW. Others have since 
adopted similar practices. It’s essential in 
developing real-world skills.” 

His tenure lasted 20 years, and also 
included being head of UNSW’s School of 
Accountancy from 1979 to 1985, strength- 
ening the integration of business and IT 
practice. 

“There were interesting things happen- 
ing in finance, manufacturing and mining 
at the time. We had the same activities as 
much larger economies, but the density of 
any given activity was much smaller. 

“Whereas the US might have 500 large 
banks for example, we had five, and this 
made Australia a very good test market for 
systems and exploring ways of making IT 
more efficient.” 

He knew that some of the research work 
he had been doing at BHP and UNSW could 
be productised and “I started off trying to 
build software products for the world and 
sell them, with some success. 

“Basically, my interest has always been in 
trying to raise the efficiency of management 
professionals, to make them more effective, 
through the information systems supporting 
them. 

“There has been quite a lot of research 
in this area, but I believe that much of it 
has been wasted or misdirected in that the 
key thing is to merge the hard information 
(the numeric information) that’s in com- 
puter databases with the unstructured, or 
tacit, information they carry around in their 
heads. 

“What people know is generally 
unknown outside that person, and personal 
knowledge is valuable. Very little of it exists 
on computers. 

“You get this strange thing in companies 
where different people try to solve the same 
problems several times over. All this is to do 


with knowledge sharing, an over-hyped area 
now, but not much was being done about it 
in the late 80s.” 

Out of this came grapeVINE, a joint 
venture with Unisearch (the commercial face 
of the UNSW), which was designed to help 
companies collect their unstructured infor- 
mation, build on it, store and disseminate it 
to create knowledge. 

The technology, which automatically 
classifies documents, targets delivery of alerts 
to the appropriate people and manages the 
assessment of business decisions, won him a 
US patent. 

“Tt worked pretty well I think, although 
the product was slow to get started because 
the technology base on which we were 
building it kept changing — from DOS to 
OS/2 to Unix to Lotus Notes to the Inter- 
net — and we had to keep rebuilding the 
software.” 

The grapeVINE technology was sold 
to Sun Microsystems at the end of 2000. It 
has become an integral part of Sun’s cor- 
porate Intranet server business software 
environment. 

His work in information and knowledge 
management continues with a new project, 
EIS Pathfinder, in the related area of require- 
ments determination for reporting systems in 
a Web environment. 

“ERP, CRM and financial systems have 
created huge amounts of data and there’s 
been a lot of work on business reporting or 
BI software. This creates a conundrum: we 
have more data than ever before, it’s more 
accurate, we have increasingly effective 
and inexpensive software tools to mine and 
process it. 

“And with all these you’d expect busi- 
ness reporting systems to be very effective 
and satisfying. But research shows that only 
half the systems are working the way they 
should and this hasn’t improved with all the 
technology. Why? 

“T believe the answer is that with all the 
tools in the world we are not building the 
wrong systems efficiently. Peter Drucker 
said: ‘Efficiency is doing things right, but 
effectiveness is doing the right things.’ I 
think we’re being very efficient in the way 
we provide access to information but we’re 
not effective because people don’t get what 
they want. 

“So requirements determination remains 


a big problem. Our methodology provides 
much needed structure to that process. 

“On one hand there is a management 
culture and on the other an IT culture, and 
the two don’t interact very often; except 
when the IT side goes to find out what the 
management culture wants. The answers 
come back inadequately — management is 
unable to explain what they want and the 
analysts are unable to elicit what’s required. 
It’s not that either group is incompetent, it’s 
because they don’t understand each other’s 
ways of thinking and working. 

“Management just wants to know what is 
going on in the business and if there’s a prob- 
lem — they don’t have time to delve through 
endless reports seeking satisfaction.” 


Encouraging professionalism 

Amid a hectic commercial history and a 
series of government advisory appoint- 
ments, he has worked to promote profes- 
sionalism in ICT including being NSW 
chair of the ACS, an executive committee 
member for several years and serving on 
IFIP’s information systems committee for 
a decade from 1975. 

He was made an ACS Fellow in 1972. 

He was founding director and later chair 
of the Australian Association of Chief Infor- 
mation Officers. 

“T feel that the current crop of CIOs are 
missing out on the good things in IT life. 
The IT business world is so serious, ephem- 
eral and so isolated. I have tried to find a way 
to get a group of 200 or so CIOs together to 
build a CIO network. 

“It’s hard to get them to respond as 
they’re so busy; mining doesn’t meet with 
manufacturing, or retail or financial — and 
government CIOs don’t meet their commer- 
cial counterparts. All have the same prob- 
lems; almost every issue in IT is horizontal, 
going across all industries — there are few 
vertical issues. 

“If you’ve got a technical problem 
another CIO will have solved it or at least 
had a go. It’s the same in setting and enforc- 
ing corporate policies, or getting unbiased 
information about the merits of products. 
Analysts are far less independent and most 
consultants have their biases. 

“However, as yet I haven’t been very suc- 
cessful in getting that all together. It’s a work 


in progress.” 


G4 | Information Age | Octoser/Novemser 2004 


PLATFORM | 


—+—_____ 


Standards. 
need more rigour 


Many software and systems engineering standards are now 
becoming so complex and so interdependent that simple 
methods of standards development are no longer adequate to 
ensure the necessary degree of consistency and rigour 


By Tom McBride 


ADDITIONALLY CHANGING a standard can incur 
significant costs to the user which puts pres- 
sure on the developers to get it right in the 
first place, but also to seriously consider the 
consequences of changes. Like software, the 
quality level needs to improve. But also like 


software, this won’t happen using the same 
development methods and, instead, requires 
different methods. In other fields, like soft- 
ware development, methods of achieving the 


long documents or between documents and, 
although circulation is wide, very few people 
are knowledgeable enough or take the time 
to do more than a cursory review. Two hun- 
dred pages of standard is a daunting thing to 
read and hardly bedtime entertainment. At 
its best peer review is an excellent flexible 
system of checking the quality of a standard 
but at its worst it does not ensure the quality 
levels expected and required of current-day 
standards. But it is the most common system 
of review when the subject matter is diverse 
and involves concepts rather than numbers. 


Japanese companies, American companies 
and European companies. Some years ago, 
when some seemingly small changes were 
being proposed to ISO 12207, the Japanese 
delegation quietly expressed some concern. 
It seems that Japan had adopted ISO 12207 
nationally and any changes to it would 
incur significant costs to Japan as a whole. 
Similarly when the Software Engineering 
Institute wanted to publish the Integrated 
Capability Maturity Model (CMMI) and 
withdraw its predecessor, CMM, a large 
number of organisations simply refused to 


same quality objectives have included field 
trials and more rigorous methods of expres- 
sion and checking. Like software, higher 
quality levels are seldom achieved by pres- 
suring those who are already doing the best 
they can under the circumstances. It requires 
different methods. 

Standards are currently developed by 
writing narrative English, then sending it 
out to a wide range of people for critical 
review. The problems with this are that it 
is difficult to achieve consistency across 


We are all very familiar with clinical trials 
and expect that many consumer goods 
will be thoroughly tested before becoming 


available to consumers 


Some standards have great commer- 
cial significance. ISO 12207, ISO 15504, 
CMMI and ISO 14143 are examples of 
standards with a reasonable sized user base. 
Any changes to those standards, no matter 
how well justified and no matter how much 
better it makes the standard, still incurs 
upgrade costs. In Australia we tend not to 
think too much about the costs of chang- 
ing a software development methodology 
because it doesn’t seem to be that much of 
a bother to read what the new methodology 
says and follow it from now on. But Australia 
has less appreciation of large scale than do 


convert to the new model. Having spent sig- 
nificant money on getting the development 
processes required by CMM installed and 
everyone trained in their use, they weren’t 
about to happily spend the same amount all 
over again. So CMM has been maintained 
for an interim period. 

During its development there has been 
considerable difficulty gaining consensus on 
ISO 14143 — Functional Size Measurement. 
One of the reasons, but not the only one, 
is because the existing base of some 80,000 
organizations already use the IFPUG method 


to measure the functional size of their 


Information Age | Octoser/Novemeer 2004 | 65 


PLATFORM 


systems. Any change to the method raises 
problems with the validity of the existing 
database of measurements. What happens 
to all that data? What happens to the invest- 
ment in the training in IFPUG alone, never 
mind anything that actually uses the meas- 
ured size to, for example, estimate the size of 
a project? What of contracts drawn up based 
on IFPUG measures? Are they still valid? 
And, of course, we know about the costs of 
upgrading the entire QA system every time 
ISO 9001 is revised, which is about every 
five years. 


specifications and looked at the final product 
and they think it will all be OK. Yet this is 
what we do with standards. There is seldom a 
trial to see if the standard does achieve what 
it sets out to do, like describe activities that 
will actually result in a good specification or 
good design. There is seldom a trial to see if 
the intended consumers can understand the 
thing. Nothing to check how easy or costly 
it is to implement. Nothing to check how it 
affects or interacts with other activities the 
consumer might be involved in. 

One of the software engineering stand- 


“Few companies are likely to say: “Here, take a 
few hours away from this project, on which the 
future of the company hangs, and tell me whether 
you think this draft standard makes sense” 


Change is inevitable, we know and 
acknowledge. But it would be nice if the 
standards were well developed and rigorous 
in the first place so that the passing of time 
brings on necessary changes rather than bug 
fixes. It is annoying to be faced with changes 
to standards, and the cost of conforming to 
those changes, when the standard wasn’t as 
well thought out as it should have been. 

When consistency matters, as it does in 
the process standards of ISO 12207, ISO 
15288 and ISO 15504 rather than writing 
the standard as a text document they could 
be written as a database. Databases are good 
tools with which to ensure consistency. This 
was done as an experiment on one standard 
recently with significant effect on the level of 
consistency we were able to achieve. Unfor- 
tunately the idea of using a database proved 
to be a little too radical for some and it wasn’t 
carried through although the resulting con- 
sistent clauses were. As it happens when we 
looked into it, a database is an acceptable way 
to express a standard. Maybe next time. 

Review by domain experts will catch 
many flaws of clarity, ambiguity and con- 
sistency but won’t be able to check usability. 
That would require a trial. 

We are all very familiar with clinical trials 
and expect that many consumer goods will be 
thoroughly tested before becoming available 
to consumers. We wouldn’t accept the view 
that knowledgeable people have reviewed the 


ards was trialled as part of its development. 
ISO 15504, Software Process Improvement 
and Capability Determination, was published 
first as a technical report so that there was a 
two-year period, instead of the normal five- 
year period, in which it could be trialled 
throughout the world and the experience 
of those trials fed into the subsequent revi- 
sion. 

Full clinical trials are expensive and 
standards don’t need to achieve the same 
level of proof that they will do no harm. 
Instead it would be better to begin with the 
objective of proving minimal levels of usabil- 
ity. Rather than pitching standards develop- 
ment and trials as requiring the best available 
talent, perhaps it would be better to look at 
what would be “good enough” to achieve a 
minimal level of usability and to begin the 
expectation that standards should be trialled. 
We first need to establish a general method 
of conducting standards trials. 

But this is not a very charitable me. Few 
companies are likely to generously say to one 
of their most valuable people, for domain 
experts tend to be valuable, “Here, take a 
few hours away from this project, on which 
the future of the company hangs, and tell me 
whether you think this draft standard makes 
sense.” There is no money in it for them, and 
precious little publicity. Nor is the academic 
community likely to spend their precious 
time developing a research program to trial a 


standard when work on the standard doesn’t 
count toward any research quantum. 

It is unreasonable to expect the stand- 
ards developers to be aware of everything. 
The people who develop standards are all 
very able people who volunteer their time 
to a good cause. Their only payment is the 
same bragging rights that go along with any 
other volunteer work. But there aren’t that 
many of them and they all have limits on how 
much time and energy they can devote to 
the task. 

Perhaps there are some who are domain 
experts and could afford the time to review a 
standard and send in some observations and 
suggestions for improvement. And perhaps 
some companies really could use the stand- 
ard, assuming it was well founded and actu- 
ally helpful. Perhaps they need it enough 
that they would be prepared to trial it so 
long as they got some help and so long as 
it didn’t cost them real cash. That would be 


a start. 


Tom McBride is chairman, ACS National 
Standards Committee 


The symbol of quality 


AS PART of our 

ongoing effort to 

raise the status of 

ACS membership, 

the society is invit- 

ing existing full 

Members and Fellows to include the 
ACS logo on business cards. This is in 
addition to using ACS post-nominals 
such as MACS or FACS. 

Not only would this clearly iden- 
tify you as a qualified IT professional 
who subscribes to a recognised Code 
of Ethics and Code of Professional 
Conduct and Practice, but it encour- 
ages other like-minded practitioners 
to consider raising their own profes- 
sional status by joining the society. 
The ACS has developed a style guide 
for the use of its logo on Members’ 
business cards and it is important that 
this is adhered to at all times. Visit http:// 
www.acs.org,au/national/guidelines/ 
bizcard/.html for information. 

For more information, contact Simon 


Kwan on (02) 9299 3666. 


66 | Information Age | Octoser/Novemper 2004 


NEWS 


‘Does the ACS have a future? 


How the ACS can show Australian IT matters’ 


More than 50 NSW Fellows attended 
their annual dinner in Sydney recently 
to renew old amities and hear political, 
industrial and social luminary Barry 
Fones speak about ICT, and the ACS’, 
place in Australia. These are edited 
highlights. 


Abstract: The Australian Computer 
Society, as the professional body for 
practitioners in the ICT industry, 
faithfully represents the Australian 
scene in which employment is large, 
diversified, technically skilled, but 
oddly non-strategic. ACS is rightly 
committed to assisting its members 
to achieve their professional goals, 
to raise and maintain standards and 
ethics in ICT, and to promote the 
beneficial use of technology. 

But the ICT industry in Australia, 
although all pervasive, is both passive 
and derivative, with relatively few 
brand names of international signifi- 
cance, a significant contribution to 
Australia’s adverse terms of trade, 
and potentially weaker after the Free 
Trade Agreement with the United 
States becomes operative. 

The ACS could be an effective lobbying 
group, not just to ensure more effective ICT 
governance, and transparency and account- 
ability in ICT decision making, worthy but 
secondary aims. If it chose, ACS could raise 
its sights towards primary aims, to help 
create an ICT industry which had interna- 
tional recognition. But to do this, Australia 
would need an ICT industry which had 
more in common with medical research 
than with, say, the motor vehicle industry, 
aviation, accountancy or telecommunica- 
tions, with unique Australian content and 
a high level of Australian ownership and 
control. 

It would need champions, too, of the 
quality of Gus Nossal, Frank Fenner, 
Peter Doherty, Graeme Clarke and Alan 
Trounson, who have helped keep medical 
research — and breakthroughs — on the 


Barry Jones 


national agenda. The bionic ear is an excel- 
lent illustration of combining electronic and 
biological research. 

When attempts have been made to 
generate national debate on ICT issues, 
such as the ill-fated Knowledge Nation Task 
Force Report in 2001, ACS has contributed 
the sound of one hand clapping. I assume 
that ACS was involved in the FTA debate, 
but your Web site does not make that clear. 

ACS has some attributes associated 
with a trade union or professional associa- 
tion, but your mission aspires to a role in 
standards setting, promoting research and 
extending knowledge. I wish more power 
to you in promoting these aims, and if I 
was more familiar with your achievements 


in these areas I could be even more 
enthusiastic. 

NICTA is potentially a major 
player in Australia’s intellectual life 
and as it flourishes so will ACS. 

Occasionally our ICT capacity 
has a major breakthrough, such as 
Radiata, but then — if it is sold off, 
as it was to Cisco in the US, ICT 
slips back to a mere servicing role. 

The 
— leaders or followers? Australia 
suffers 


Inventory Problem 


from the “inventory 
problem” — a conspicuous lack of 
high value-added brand name goods 
and services for which there is inter- 
national recognition and demand. 
This is a by-product of Australia’s 
long reliance on resources, and 
the slow transition from the “Old 
Economy” to the “New Economy” 
(the central point of Donald Horne’s 
The Lucky Country (1964)). 

Australia had its own Industrial 
Revolution in the 1880s — but, like 
Canada, it adopted the colonial (or 
“cargo cult”) model of technology 
acquisition. Sweden, Switzerland, 
the Netherlands, Denmark and 
Finland adopted a national model. In 1901, 
when the Commonwealth of Australia was 
inaugurated, we had four great areas of 
scientific strength: agriculture, geology/ 
mining/metallurgy, astronomy and 
medicine. A century later, in 2001, we had 
the same four great strengths. 

Oddly, after a century of scientific 
revolution, nothing new had been added to 
the list and nothing had dropped off. (The 
new discipline of biotechnology operates 
within agriculture, mining and medicine). 
Like Canada, Australia illustrates “truncated 
development”, in which innovation is seen 
essentially as marginal improvement in 
processes for materials in very long product 
cycles, not new products with a short life 
(e.g. computers/software). 

Foreign ownership of major sectors 
of the Australian economy, e.g. motor 


Information Age | Octoser/Novemper 2004 | 67 


NEWS 


manufacturing, aviation, chemicals, helps to 
perpetuate a “follower” economy. There is 
a long-standing confusion between innova- 
tion and improvisation. 

In the early 1980s, in comparing, say, 
Australia and ‘Taiwan, it would have been 
a reasonable hypothesis to assume that by 
the year 2000 Australia would have been 
well ahead in ICT production, given our 
strong education systems, research history, 
inventiveness and being plugged into the 
English-speaking world. In fact, Taiwan 
streaked far ahead. We suffered from a 
failure of nerve, conventional thinking in 
the public service, absence of dynamic and 
compelling leadership in the computing 
business. Our medical research benefited 
from outstanding advocates. Nossals were 
elusive in computing. 

Early in the Hawke Government, 
Cabinet made a deplorable (but under- 
standable) decision which shaped and 
limited Australia’s capacity to develop 
ICT: The Department of Social Security 
needed to upgrade its computer capacity, 
which included the processing of millions of 
cheques each fortnight. 

The department called for tender 
submissions for a $200m computer system 
— a huge sum in 1983. A Cabinet sub- 
committee, to which I was co-opted, had to 
choose between two submissions, one from 
Wang from the United States, the other 
from a consortium of Australian companies. 


I argued passionately that we should adopt 
a high-risk strategy which would force 
Australian hardware and software practi- 
tioners to collaborate. 

Bureaucrats from Treasury, Finance 
and Social Security urged a low-risk 
strategy: give the contract to a large and 
expanding US company which could 
guarantee high-level performance and 
would be there forever. Cabinet adopted 
the Wang option, and the Australians lost 
their chance. Ministers said: “Wang won’t 
fail — but the Australians might. And if 
there was inadequate local backup, the 
system crashed and pension cheques did 
not get out in time, we would face a politi- 
cal disaster. Let’s play safe.” 

A few years later, Wang stalled and lost 
most of its market share. Australia remained 
a huge importer of ICT, with very modest 
exports, mostly in software. 

Capital formulation problem. This seems 
to be intractable. 

Political problem. No Australian 
Government ever adopted a National 
Information Policy — and saw all the issues 
of information and IT as segmented so that 
education, industry, telecommunications, 
entertainment were all seen in isolation. No 
political champions were prepared to talk 
the issue up after my demise as Minister in 
1990. Queensland was an exception, at the 
time that Kevin Rudd was Chief of Staff to 
Premier Wayne Goss. 


ACS introduces new membership grades 


THE ACS has introduced two new membership categories: Senior Member, to differentiate 
more experienced ICT professionals; and Companion, which for the first time recognises 
professionals from other fields working in senior ICT roles. 

The new grades allow senior managers and experienced consultants working in ICT 
to demonstrate their professionalism and commitment to a Code of Ethics. 

The Senior Member grade is open to qualified senior ICT managers, experienced 
consultants and ClOs with at least 10 years’ professional experience, including five years 
at a senior level, and appropriate qualifications and knowledge. 

The Companion grade has been established for senior managers and members of other 
professions who might not hold ICT qualifications, but who have a significant involvement in 
ICT. Eligibility is based on academic qualifications, experience and eminence or authority in 
a particular discipline, such as teaching, finance or accounting, law, nursing etc. 

ACS President Edward Mandla said the new membership grades are designed to 
recognise those seasoned professionals who have developed an enhanced body of ICT 


knowledge. 


“We wanted to recognise the experience and contributions of ICT professionals who 
have already achieved many of their professional goals and currently hold senior roles in 
management, consulting or other disciplines within ICT} he said. 


The Australian ICT industry is essen- 
tially a subset of marketing and packag- 
ing: the ICT supplements published by 
newspapers are promotional, pushing 
product and instructing about processes 
rather than developing ideas, generat- 
ing consequential downstream service 
employment rather than start-up ventures. 
(Our ICT profile is more analogous to 
the motor industry than, say, to medical 
research). 

Low profile: in striking contrast to 
Australia’s medical research which has had 
high prestige spokesman such as Nossal, 
Fenner, Doherty, the ICT industry has 
languished... 


Economic problem: foreign ownership. 
Likely to be compounded by the FTA. 


68 | Information Age | OctoBeR/NovemBer 2004 


We have major players, e.g. Murdoch and 
Packer, but they have shown no interest in 
developing the local ICT capacity. 

Time problem: is IT used to expand time, 
to make us more creative and do amazing 
things, or is ita means of consuming time, 
a form of distraction, a major activity 
substitute. 

Psychological problem: expanding time, 
or filling it in. Web surfing, text messages, 
mobile telephones — frantic desire to fill 
in time. Not much evidence that it adds to 
creativity. 

Correlation between quality of 
information input and the quality of 
ICT delivery. Is the relationship negative? 
Compare the quality of Abraham Lincoln’s 
Cooper Union (New York) speech in 
February 1860, a deeply researched, 
complex, finely nuanced argument which 
was disseminated through primitive 
technology, and debates in the 2004 US 
Presidential election, where the electronic 
delivery is sophisticated, but the quality of 
argument/assertion is not. 

Privatisation of research and its limita- 
tion. This leads to governments treating 
CSIRO and the universities as trading 
corporations, and moving tertiary educa- 
tion towards an increasing emphasis on 
training and commercial goals. Australia 
cannot pursue the goal of an innova- 
tion culture (‘Smart Australia’) and 
simultaneously cut R&D expenditure. 
Basic research is under major threat. 
Universities have become increasingly 
instrumental, less speculative — imposing 
self limitation on the nation. Their infra- 
structure is often crumbling. Humanities 
are down, computer and business studies 
up. (Monash University indicates that 9 
per cent of its activity is in the Humanities 
— 30 per cent in computer studies, IT, 
Management, Marketing, Accounting). 
Science vocations well down — up to 20 
per cent on a decade ago. (Shortfall is 
taken up by overseas students. At gradu- 
ation ceremonies these days, who receives 
the serious degrees and who gets the 
Mickey Mouse awards?). 

We have huge policy deficits — no 
science and technology policy (or Health, 
or Education) — only Budgetary strate- 
gies. Queensland is an anomaly, experi- 
encing a remarkable growth in medical 


| NEWS 


Don't miss the Smart Sparks Ball 


TIME I$ RUNNING OUT to book your seats for the 2004 Smart Sparks Ball, the premier 
fund-raising event for the ACS Foundation, which will be held at the Shangri-La Hotel 
in Sydney on Saturday, October 23. 

This is a wonderful opportunity to enjoy a fabulous night’s entertainment while 
investing in the future of the ICT industry by helping to support young people through 
the ACS Foundation. 

This year's event takes as its theme the “Love Boat”, drawing on the popular tel- 
evision series from the 1980s to navigate a course through an evening of fine food 
and wine, colourful performances by a troupe of talented young performers from 
Out there Productions, and a wide range of interesting auction items, including two 
Lexus cars with low reserves! 

Come dressed as you would for a glamorous shipboard cruise and prepared to 
be welcomed on board by none other than the Love Boat’s Captain Merrill Stubing, 
aka industry researcher and commentator Mark Hollands, who served so effectively 
as MC at last year’s event. 

At the ball, you'll have the opportunity to participate in both silent and live auc- 
tions for products ranging from paintings and wine through to electronic gadgets and 
sporting memorabilia. Sydney City Lexus is providing two cars — an $80,000 Lexus 
RX330 and a $15,000 Toyota Echo — for auction on the night. 

The ACS Foundation is grateful for the sponsorship of Altiris, eCorner, the ACS 
and Alt-U, which once again has provided administrative support for the organisation 
of this year’s event. 

Tickets to the Smart Sparks Ball are $225 each or $2400 for a table of 
12. For more information or to make a booking, call (02) 9299 3666 or e-mail 
smartsparksball@acs.org.au 


and biotech research, assisted by a number 


| The symbol of quality 


AS PART of our 

ongoing effort to 

raise the status of 

ACS membership, 

the society is invit- 

ing existing full 

Members and Fellows to include the 
ACS logo on business cards. This is in 
addition to using ACS post-nominals 
such as MACS or FACS. 

Not only would this clearly iden- 
tify you as a qualified IT professional 
who subscribes to a recognised Code 
of Ethics and Code of Professional 
Conduct and Practice, but it encour- 


of enterprising Cooperative Research 
Centres (CRCs). 

Two Centres of Excellence were created, 
following the Government’s Backing 
Australia’s Ability Report (January 2001) 
— one in ICT, the other in biotechnology. 

NICTA (National ICT Australia) was 
established in October 2002, as a Centre 
of Excellence with ANU and UNSW 
as the core partners. $129.5 million was 
allocated out of the “Backing Australia’s 
Ability” Fund. Microsoft is a partner 
and Melbourne University joined in July 
2004. 

I did not come here to discuss the 2004 


Election campaign, but there is a distinc- 
tion between the Coalition view (leaving 
aside NICTA) and the Opposition on the 
future development of ICT. The Coalition 
promotes usage and consumption of ICT as 
a driver for productivity growth per se, with 
less concern about where the hardware/ 
software/intellectual property originates. 
The Opposition wants to put more empha- 
sis on creative ICT and developing new 


products. 


ages other like-minded practitioners 
to consider raising their own profes- 
sional status by joining the society. 
The ACS has developed a style guide 
for the use of its logo on Members’ 
business cards and it is important that 
this is adhered to at all times. Visit http:// 
www.acs.org.au/national/guidelines/ 
bizcard.htm! for information. 

For more information, contact Simon 
Kwan on (02) 9299 3666. 


Information Age | OctopeR/Novemeer 2004 | 69 


NEWS 


ACS certification graduate wins PMI award 


CONGRATULATIONS to Rohan David (CMACS 
— IT Strategy and Management) who won 
the Project Manager of the Year 2004 Award 
from the Project Management Institute 
(PMI) Council. 

This prestigious award was open to 
any project manager working in Australia 
who completed (or practically completed) a 
project in the 12 months leading up to June 
1, 2004. 

Finalists were flown to Melbourne for 
the final selection interviews and the award 
was presented during the PMOZ Project 
Management Conference in Melbourne on 
August 13. Rohan’s trip was sponsored by 
the ACS, providing him with travel, accom- 
modation expenses and registration to the 
PMOZ conference. He also received travel, 
accommodation expenses and registration to 
a PMI Global congress valued at $10,000. 

An ACS member for more than 14 years, 
he has been working with global multina- 
tional organisations across broad product 
portfolios. He implemented CRM mobile 
(field) sales for the Cadbury Schweppes 
sales force and was responsible for the due 
diligence/IT integration of a newly acquired 
company into the Cadbury (Confectionery) 
landscape. His initiatives have involved 
large cross-disciplined teams where he has 
played many roles from business consulting 
to project management. 

Rohan completed the CMACS program 


Successful conference 


MORE THAN 160 delegates registered for 
this year’s ACS Conference which saw 
50 presentations and four keynote 
addresses. 

The event, which had 14 supplier/ 
vendor exhibitors demonstrating their 
products and services for the first time, 
was organised by ACS member Chris 
Monteagle. 

“Chris created and managed an 
excellent event,” said CEO Dennis 
Furini. 

The conference drew a significant 
number of new ACS memberships. It 
will be held in Sydney next year in con- 
junction with SEARCC. 


Pam Barnes (Certification Program Co-ordinator), Gerry McGovern, Wayne Knack 
(PD Board Director), Gerald Murphy (Certification Program Manager) and Kate 
Behan (ACS Fellow and consultant to the Certification Program) 


in IT strategy and management in 1997 and 
said the course was an important stepping 
stone in his career. 

“Because the CMACS program content 
is compiled by industry experts, it gave me 
up-to-date knowledge on trends, legal issues 
and strategic insights that complemented 
my work, enabling me to leverage signifi- 
cant value from it. The program had a good 
choice of subjects to pursue in addition to 
the core subjects of IT Trends and Business, 
Legal and Ethical Issues,” he said. 

“The alignment of process, people and 
technology to a business strategy is a fine art 
requiring teamwork, communication, focus, 
planning and tenacity. IT professionals should 
stay abreast of changes and trends in the entire 
portfolio of knowledgeable insights, process 
frameworks and technology options that can 
help them to consistently deliver on the promise 
— CMACS provides this knowledge.” 


CMACS project management 
Project management (PM) is a creative 
problem-solving process that deter- 


mines a project’s failure or success. Poor 
project management has been a contrib- 
uting factor to the “credibility” problem 
of many IS/IT organisations and 
functional areas. Our PM specialist 
subjects cover: 


Lessons learned from success and failures 
Project management frameworks 
Project context 

Integration and initiation processes 
Project planning 

Project scope 

Time management 

Benefit and cost management 

Human resource management 

Risk management 

Quality management 

Communications management 

IS/IT projects 

Managing e-projects 

IS/IT development methods 

Advanced project techniques 

Managing contemporary IS/IT projects 


such as ERP, CRM, DW, Bl and KM. 


70 | Information Age | OctoseR/NovemBer 2004 


NEWS 


Inaugural bootcamp a big success 


THE ACS is considering a proposal to make 
the YIT Bootcamp an annual event with 
additional state-based workshops, following 
the extraordinary success of the inaugural 
seminar in Sydney. 

A total of 59 delegates attended the 
Sydney pilot in July, with feedback ranging 
from “highly informative, very useful and 
just as importantly, highly enjoyable” to “a 
brilliant opportunity to meet with other 
aspiring professionals, gain important 
contacts, and learn what it takes to begin a 
career in IT from inspiring presenters” . 

The three-day event, from July 11- 
13, covered preparing delegates for the 
workforce, resume preparation, inter- 
view skills, career planning, and provided 


insight into the industry, the realities of the 
workforce and graduate experiences. 

Bootcamp was heavily subsidised by 
the ACS and based at YHA Sydney Central 
to help keep costs down while providing 
comfortable and relaxed surroundings for 
delegates. 

YIT Committee Chair Ana Govan said 
the event was “absolutely spectacular” with 
“an amazing environment and energy that 
was incredibly uplifting”. 

Delegates heard presentations from 
IDC’s Peter Hind on where the ICT indus- 
try is heading; Career One’s Kate Southam 
on identifying the right job; Edwina Low of 
Alt-U on presentation and interview skills; 
Bhuvan Unhelker of MethodScience on 


career planning; and Prof Kerryn Phelps on 
setting and achieving goals, among others. 

“The feedback we’ve received and 
continue to receive from delegates has been 
incredibly positive. Many of them have gone 
back home and formed local YIT groups to 
maintain the relationships they made at the 
event,” said Ana. 

“A number of delegates have expressed a 
wish to become more heavily involved in the 
ACS as a result of their bootcamp experience 
and some have managed to win new jobs as a 
result of the skills and confidence they gained.” 

A decision will be made about staging 
additional bootcamps and local workshop 
events by the November meeting of the 


ACS Council. 


ACS Eureka Award 


THE OPTICAL FIBRE TECHNOLOGY CENTRE (OF TC) 
at the University of Sydney has won the 
prestigious Australian Computer Society 
(ACS) Eureka Prize for ICT Innovation for 
its breakthrough work in developing plastic 
optical fibres. 

The revolutionary technology has 
enormous commercial potential to reduce 
the cost of “last mile” and local links for 
broadband networks, as well as diverse 
possibilities for medical, biotech, endoscopy, 
imaging and robotics applications. 

The Eureka Awards, Australia’s premier 
awards for Science and Innovation, were 
presented in August ata gala dinner attended 
by over 1000 people representing the cream 
of the nation’s scientific community. Also 


for Optical Fibre Technology Centre 


present were NSW Governor Professor 
Marie Bashir, Federal Science Minister 
Peter McGauran and NSW Environment 
Minister Bob Debus. 

ACS National President Edward Mandla 
presented the ACS Eureka Award for ICT 
Innovation to the OFTC team, congratulat- 
ing them on their quality research and the 
outstanding potential of the technology. 

“The ACS is proud to sponsor the only 
ICT-related award among the 22 Eureka 
prizes. We are particularly delighted to award 
an Australian research effort which has resulted 
in a product with such strong commercial 
drivers and which offers enormous potential 
benefits both for Australia and for interna- 
tional markets,” he said. 


ACS Annual General Meeting 


MEMBERS are invited to attend the 13th Annual General Meeting of the ACS, which will 
be held at 6.00pm on Friday, November 19, 2004 in the Press Room at the Radisson 


Plaza Hotel, 27 O'Connell St, Sydney. 


The business of the meeting is to confirm the Minutes of the November 2003 
AGM and the Minutes of the July 2004 GM; and to receive and consider the Annual 
Report for 2003/4 (which incorporates the Statement of Accounts and Balance 


Sheets, and the Auditor's Report). 


Minutes of the 2003 AGM and the July 2004 GM will be attached to the 
meeting notice on the ACS Web site, as will the 2003/4 Annual Report, once it 


is completed. 


A senior researcher on the OFTC team, 
Maryanne Large, said the polymer optical 
fibres developed through their research had 
the potential to dramatically reduce the cost 
of delivering broadband Internet access to 
homes and businesses. 

“We're seeing lots of interest in this 
technology, both from Australia and 
overseas, and are currently negotiating with 
a major international player in relation to 
the potential broadband applications,” she 
said. 

It was third time lucky for the OFTC 
team, which entered the Eureka awards in 
2002 and 2003. 

“We've been very focused on trying to 
be competitive enough to win this award 
and are delighted with this result. There 
aren’t a lot of opportunities for scientific 
achievements to be publicly recognised in 
Australia and the Eureka Awards are a great 
forum to showcase new developments and 
create more awareness,” said Ms Large. 

“Our technology will change lives 
just as mobile phones, Internet access and 
broadband have in the past 10 years. We 
can’t predict what the change will be, but 
within the next decade I expect to see these 
high-capacity cables in homes, businesses, 
cars and in a new generation of powerful 


computers.” @p 


Information Age | OcroBer/Novemper 2004 | 71 


INFORMATION AGE 


Managing Editor: Peter Davidson 


Design and Layout: Stephen Lennox 
and Doug Jeans 


Workflow Manager: Cheryl Podda 
National Sales Manager: Alyssa Doherty 


Account Manager 
Training and Education: Amanda Patrick 


Vice President 
Interactive Division: Shirley Ingram 


Circulation Manager: Dorothy Adams 
Publisher: Linda Kennedy 


Associate Publishers: Davy Adams, 
Mark Hobson 


Managing Director: Don Kennedy 
Deputy Managing Director: Mark Jones 
Chairman & Founder: Patrick J McGovern 


So 
COMMUNICATIONS 


Published by 

IDG Communications Pty Ltd 
88 Christie Street, 

St Leonards, NSW 2065. 
Phone: (02) 9439 5133 

Fax: (02) 9439 5512 


Information Age is the official publication of 
the Australian Computer Society (ACS) and 
is published bi-monthly by IDG Publications, 
on licence from the ACS. The Australian 
Computer Society, PO Box Q534, Queen 
Victoria Building, Sydney NSW 1230 
Phone: (02) 9299 3666 Fax: (02) 9299 3997 
E-mail: info@acs.org.au 
URL: www.acs.org.au 

www. infoage.idg.com.au 


SUBSCRIPTIONS: $72.00. 

Copies are distributed free to members 

of the ACS. All material in Information Age 
is protected under the Commonwealth 
Copyright Act 1968. 


Printed by Offset Alpine Printing Pty Ltd 


AUSTRALIAN 
COMPUTER 
SOCIETY 
CEO: Dennis Furini 
President: Edward Mandla 
Immediate Past President: Richard Hogg 
Vice-presidents: Philip Argy, Chris Avram 
National Treasurer: Glen Heinrich 
Publications Board Director: Tom Worthington 
Contributing editor for ACS: Caroline New 
Audited circulation 15,230 


72 | Information Age | Octoser/Novemser 2004 


Member 

Brittliff, Neil 

Dias, Virajamani 

Lee, Hae 

McConnell, Ross 
Associate 

Bhati (Brettell), Rina 
Brogan, Daniel 

Saul, Brooke 

Turner, Tristan 
Wettle, Benay 
Provisional Associate 
Arogundade, Ola 
Student 

Robinson, Miranda 


Member 

Abela, Simon 

Acquah, Isaac 

aker, Shane 

Barbariol, Robert 
radbury, Neville 
Castle, Craig 

Eskander. Magdy 
Forrest, Wayne 

Gorton, lan 

Gow, Richard 

Hopcroft, Grant 

liescu, Vergil 

Kumar, Amrish 
Mainuddin, Asheque 
McCormac. Colin 
Nguyen, Chuc 

Quayle, Cateen 

R Kulkarni, Milind 
Sheldrick, Rob 
Simonovski, Nick 

Sun, Hong 

Thompson, Leigh 
Walder, Chris 

Wong, Barry 

Wong, Chris 

Zarrella, Egidio 
Associate 

Adriano, Aris 

Ahmed, Mohammed 
Boje, Chris 

Butani, Manisha 
Cannon Brookes, Michael 
Chadha, Urvashi 
Cheung, Rico 

Cho, Joe 
Chun Kuen, Billy 
Coetzee, Bryan 
Cui, Hao 
Davis. Bruce 
Farquhar, Scott 
Gleeson, Nicholas 
qbal, Muhammad 
Johnston, Samuel 
Kasem, Mulham 
Kashoji, Venugopal 
auw, San 

azaro, Onita 

00, Toby 
owbridge. Michael 
Noordin, Chairusanah 
gata, George 
"Mahony, Aine 
Park. Young 

undir, Ashwani 
Quarters, Conqueror 
Ramli, Mohamad 
ashid, Syed 


New South Wales Branch 


Seo, Jongmin 
Simons, Robert 
Sledziona, Luke 
Sultana, Nargish 
Vrazalic, Lejla 
Ward, James 
Wydan, Anh 
Yuwono, Welly 
Provisional Associate 
Basri, Zenobia 
Gill, Sandeep 
Leslie, Chris 
Tran, Quoc 
Student 

Abbas, Nasir 
Audh, Sherwin 
Chau, Agnes 
ogra, Rajeev 
‘ong, Wai 
Korjenic, Semir 
eung, Karen 
Oh. Yun 

Raza, Imran 
Sader, Imad 
an, Nicholas 
ongjai, Tawan 
ran, Van 

se, Ken 

Wu. Hui 

Yang, Ling 
Zeman, Tomasz 


Northern Territory Branch 


Associate 

Mading, Jok 

Overseas Group Branch 
Member 

Abu Kashef, Mousa 
Caillavet. Naguy 
Chandra Bose, Duethy 
Chew, Phek 

Chia, Ching 

Coll, Jim 

Crawley, James 
ernando, Sattambige 
Glazirin, Alexey 
annigan, Daniel 
eng, Ee 

Kiely, David 

Kotyza, Brestislav 

ee, Yoke 

Mills, Ryan 

Nam, Patrick 

Oo, Zeya 

alpan Yacolca, Marisol 
Prieto Daza. Guillermo 
Pugh, Peter 
Srinivasan, Subramani 
Vaghjiani, Vinod 

Wong, Pang 

Associate 
Aljamal, Samer 

Amaran, Sethulingam 
Arellano, Victoria 

Chumbley. Lester 

D'Souza, Lavina 

FitzPatrick, Keith 
Hadunduwa Arachchige Don, 
Saman 
Hu, Jie 
Janssen, Volker 
Jayarathna, Jayantha 
Jayasekara, Rohana 
Jeung, Dong 
Kettaneh, Mohammad 


Kothalawala, Thanuja 
Lal, Satish 
Lee, Soo 

Makin, Keit! 


Mohammed Aboobacker, Zakeer 


Muhammad, Imran 
Muhammad, Younus 
Oosthuizen, George 
Polesskiy, Anton 
Rasheed, Haroon 
Ratna, Gabriel 
Rawal, Manish 
Saldin, Ishara 
Sarfaraz Ahmed, Rashid 
Sledge, Kenneth 

Stone, Pamela 

8, Bert 

homas, Michael 

iwari, Purshottam 

ran, Trinh 

Wong, Tat 

Zackaria, Anvar 
Provisional Associate 
Fan, Chun 

King, Damian 
Queensland Branch 
Companion 

Grimley, John 

Member 

Bustamante, Hugo 
Cause, Grantley 
Hollings, Sarah 
McKeering, David 
Pasumarty, Satyanarayana 
Associate 

Ashby, Claire 

Bekkeli, Roy 

Chan, Tiffany 
Chralowicz, Joshua 
Colborne, Christopher 
Kim, Do 

Knack, Adrian 

Marsh, Janelle 

Mitchell, Stephen 

Rose, Adam 

Stormont, Jonathan 

an, Alex 

ang, Bonnie 

yson, Leigh 

Williams, Edwina 

Ye, Jing 

Provisional Associate 
oyd, Andrew 

ouglas, Evan 

May. Lynette 

Student 

ell. David 

Gounder, Seema 

Grech, Daniel 
Hettiarachchi, Luvini 
saksen, Luke 
Johnston, Mathew 
Mejia, Oscar 

Ronalds, Luke 

Sauve, Robert 

Steer, Selby 

Thonaprin, Nalini 
Trenfield, Andrew 


South Australia Branch 


Companion 

Halley, Donald 
Member 

Cooper, Gregory 
Dunemann, Michael 


Kite, Stephen 
Lehmann, Julie 
Moore, Tom 
Richards, Grant 

Tran, Quyen 

Ware, Trent 
Associate 

Floyd, Karen 

Hayfa, Amir 

Kaczor. Krzysztof 
Russo, Nicole 

Sabic, Adin 

Wood, Michael 
Provisional Associate 
Ashworth, Keith 
Croucher, John 
Sharp, Jeffrey 
Student 

arker, Lorraine 
ossain, Anwer 

i, Min 

i, Song 

aradowski, Michael 
hillips, Sharon 
Tasmania Branch 
Member 

illey, Peter 
Spaulding, Stephen 
Associate 
Begosvich, Nicolay 
Fenton, Joss 

rench, Philippa 
Ralph, Matthew 
Student 

Kwok, Alvin 
Victoria Branch 
Member 

Abdul Razeed, Toby 
Babbar, Sameer 
Cornips, Stephan 
Dudgeon, Graeme 
Frinking, Martin 
Jenkins, David 
Lapham, Timothy 
Le, Dzung 
Legrand, Pierre 
Machado, Gerard 
Main, lan 
Mason, Monika 
Muhita, Hunja 
Nagar, Girish 
‘Hanrahan, Martin 
Park, Jordan 

Pino, Tindaro 
Rodger, Michael 
Serna, Marvin 
Woodward, John 
Associate 

Abdul Ahad. Irfan 
Athikkannan, lyyamani 
Bain, Christopher 
Brough, Adam 
B 
E 


— 


ruce, Daniel 
an, David 

ung Yan, Henry 
ddy, Nick 
argetta, Allan 

leming, Sean 

otiadis, Kristy 

Garde, Felicity 

Giri, Bhola 

Gray, Connor 

rugal Bandaralage, Bodhaka 
sh, Ruchir 


R t| dd d AUSTRALIAN 

ecen y Gra C dp COMPUTER 
members of the ACS ek 
Canberra Branch Santoso, Denny Kolluru, Ravichandra Fursenko, Frank Klug, Tobias 


Konstant, Con 
Kwan, Queenie 
Lee, Hong 
Maslin, Daniel 
Nugroho Jap, Ferdinand 
Pigounis, Anthony 
Salter, David 
Sawmy, Mery 
Sebastian, Abs 
Stokie, Lloyd 
Sumithraarachchi, Indula 
Takouridis, Simon 

Tang, Cheuk 
Wiryadinata, Helen 
Wong, lan 
Wong, Timothy 
Zhou, Fan 
Student 
Agarwal, Anubhav 
Chan, Chia 
Chennell, lan 
Chong, Chun 

Chu, Zhi 
Coelle, Christopher 
harmasena, Anjana 
olfini, John 
Fernando, Patrick 
ananto, Antonius 
Janevski, Stefan 
Jia, Da 
Kaleta, Amanda 
imantoro, Lieke 
uecke, Andrew 
Machao, Moses 
Mahecha, Luisa 
Modidi, Ofentse 
Mong, Sochenda 
Mozhyna, Oksana 
Paul, Manoranjan 
Portelli, Sean 

Shah, Jagrutkumar 
Su, Yu 
Sunnooman, Bibi 

Toogood, Victoria 

Yuen, Crispin 

Western Australia Branch 
Member 

Benson, Donna 

George, Phillip 

Parle, Yvonne 

Slater, Shaden 

Vijaya Kumar, Vishnu 

Willis, Warren 

Associate 

Andrews, Vaughan 

e Alwis, Manjitha 

Kuppusamy, Georgie 

Reyes, Jennifer 

an, Shihong 

anjapatkul, Wannaporn 
Provisional Associate 

ang, Yong 

Student 

Abdul Sattar, Mohammad 
ackson, Patrick 

Kirana, Christiaan 

Nepoleon, Reena 

Ratilal, Armand 

Setianegara, Dony 

Shah, Prasheel 

Sidigi, Mohammad 

Stoleski, Dean 

Tan, Steven 

Vaghela, Dipesh 


An interactive 
evening forum 


FREE to ACS 
members.” 
Adelaide..........s00000 October 27 
Brisbane**......... November 10 
Perth iis: scescstccr: November 16 
| SYON CY xonscccsssccewes November 23 
- Melbourne........... November 24 
Canberra... November 25 
> Hobart cccccseccccce November 30 
Darwin ......cceceeseeees December 6 


** Breakfast session 
* Please check with your local branch as 
non-member registration fees vary. 


About the Presentation 


The evolution of technology has 
bought many business benefits. 

Linda Zeelie’s presentation will show 
that the key to unlocking business 
benefits lies not in having new 
technology or in being able to define 
the benefits required, but in the 
processes that surround the use of 
new technologies. 

Linda will examine ways to use new 
advances in technology to deliver 
benefits including leveraged and agile 
models, accelerated development 
methodologies and off-shoring. As 
with all technological eras this one is 
not without its challenges. 

This presentation will take a brief 
look at previous eras in order to 
characterise the new era, to identify 
the challenges we face and possible 
lessons to be learnt. 


What the participants learn: 


e An understanding of the challenges 


faced in delivering business benefits 
using new technologies. 


e Ways to use new technologies 


(techniques) to deliver business 
benefit. 


¢ The focus and examples will be 


mainly from an application services 
perspective. 


Education across the Nation: 4th Quarter 2004 


ACS Professional Development Board 


About the Presenter 


Linda Zeelie has 20 years experience 
in the IT industry and is currently a 
member of the management team with 
the EDS Adelaide Solution Centre. 
Her experience incudes project 
management, software development, 
general management and quality 
management spanning a number of 
industry sectors including defence 
and related industries, justice, energy, 
banking and general consulting. 

Her tertiary IT qualifications are 
complemented by accreditations as a 
PMI PMP and PRINCE 2 Foundation 
certified project manager, Leader 
Quality Auditor and a Certified 
Quality Analyst. 

In Linda’s current role as the 
Applications Services Manager she 
heads up the applications delivery 
component for a large commercial 
banking software program. In 
addition, Linda manages the 
Adelaide Solution Centre’s 40 project 
managers as part of the Centre’s 
Project Management Practice. 


Who should attend: 
e IT Managers 

¢ Project Managers 
e Lead Technologies 


e Applications and Systems 
Architects 


¢ Business Analysts 


We need your help to get this right 


ACSLearn helps you learn about what’s hot in ICT in areas such as strategy, 
governance, business value, security, technology, business processes, project 
management and interpersonal skills. It’s an e-Learning initiative with short 
lessons that include additional links to more detailed objective information. 


We've built a prototype of ACSLearn so we can get your feedback while we 
identify key issues, make decisions about publishing rights, access rights and 
operational processes plus generate more e-lessons. 


Sample Topics 


Business Process Basics 

Business Process Management 
Customer Relationship Management 
Enterprise Content Management 
Supply Chain Management 


Main Category 


Business Processes 


Agile Methods 
Business Cases 


Project Management 


Biometrics 
Identity Management 


Security Issues 


Business Models 
Compliance Challenge 
Business Value of IT 
“Does IT Matter?” Debate 
Strategy Maps 

IT Governance 


Strategy & Planning 


Collaborative Software 
RFID 


Technology 


There’s a full list of planned topics at our prototype ACSLearn site. We'll be 
adding new lessons during 2004-2005. Perhaps you would like to suggest a 
new topic and help us develop it? Email us at acslearn@acsvic.com 


ACSHearn keepsiyouon top of what’s hotsin ICT 


Please play with our | 
prototype at 
www.acs.openlab.net.au 

You'll find forums at the prototype site so 

you can give us your feedback. 


We'd like to know: 


¢ Do you agree with the proposed main 
categories for lessons? 


¢ There’s a list of proposed topics within 
categories at the prototype — what's 
missing that you’d like to learn about? 


e Are these lessons useful? 
¢ Would you like to contribute lessons? 


¢ Should all lesson contributors be ACS 
members? 


¢ Should ACSLearn be for members only? 


See what others think about these issues, 
and tell us what you think. 


Benefits for 
ACS members 
¢ Rapid access to knowledge 


¢ Greater recognition in marketplace 
for ACS members 


¢ Study companion throughout your 
career 


¢ Current information when you need it 
e Interact with your peers 


ACS042 


